The Biden administration has taken the first step toward implementing a government-wide zero trust strategy with a memorandum addressed to all federal agencies, outlining the basic goals to be reached by the end of fiscal year 2024.
CISA directs federal agencies to adhere to the vulnerability management catalog and patch 300 exploited vulnerabilities assigned CVE IDs in 2021 within 2 weeks and 6 months for previous ones.
New Senate report reveals that the government’s biggest targets are not keeping pace with threats. Seven of eight federal agencies were found to have not made any meaningful improvements to their security since 2019.
Hackers exploited Pulse Connect Secure VPN vulnerabilities to collect passwords, install web shells, and bypass multi-factor authentication on victims’ networks, including federal agencies.