sfba.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A Mastodon instance for the San Francisco Bay Area. Come on in and join us!

#cisa


brennancenter.org/our-work/res

Now eliminated, #CISA had provided resources and tools to help officials make #electionoffices, #votinglocations, and #tabulationcenters safe, including assessments that evaluate the physical security of facilities, identify vulnerabilities… Ahead of the 2024 election, CISA conducted nearly 1,300 physical security assessments for election stakeholders…even in the face of an array of physical threats, such as bomb threats, the destruction of ballot drop boxes…

Election workers doing their jobs
Brennan Center for Justice · How the Federal Government Is Undermining Election Security · By cutting critical funding, coordination, and support from numerous agencies, the administration is making it harder for states to guard against threats to their election systems.

🚨 Two of CISA’s most senior cybersecurity leaders have just resigned — amid growing concerns about staffing cuts and political disruption at the nation’s top cyber defense agency.

Bob Lord and Lauren Zabierek announced their departures Monday morning. Both were instrumental in shaping CISA’s Secure by Design initiative — the agency’s effort to hold tech companies accountable for insecure software and push for systemic product security reform.

- Bob Lord previously led security at the DNC, Yahoo, and Twitter, and was the first CSO at the DNC post-2016 Russia-linked breaches.
- Lauren Zabierek formerly led the Cyber Project at Harvard’s Belfer Center and has a deep background in both intelligence and cybersecurity policy.

While neither disclosed what’s next, their departures come during a period of intense change at CISA:
- Up to 1,300 employees — nearly half the agency — could be cut under the current administration
- DHS recently offered buyouts to staff, and earlier layoffs were challenged in court
- CISA’s leadership and mission are in flux, with its future role in national cyber defense uncertain

Both leaders emphasized the importance of Secure by Design as a foundation for future cyber resilience:
- “There’s a role for everyone in making software safer,” wrote Lord
- Zabierek added: “What started as a government-led call to action has become a global movement”

CISA’s Executive Director Bridget Bean thanked them, saying:
“While our approaches to Secure by Design evolve, our commitment to the principles remains steadfast.”

At @Efani, we believe in cybersecurity that begins at the design phase — not after a breach. We thank Lord and Zabierek for advancing that mission inside government and hope the private sector continues to carry the baton forward.

With Chinese diplomats reportedly admitting to targeting US Critical Infrastructure as a "warning to the U.S. about Taiwan" and some in the industry war-gaming the possibility of Cyber Effects being used to sway the Trade dispute between the US and China, now seemed a good time to do a reality check on how - if at all - China would do so.

The bottom line - expect a surge in cyber espionage and signaling campaigns targeting US telcos and leadership to provide the CCP a competitive advantage in negotiations and their backdoor dealings.🕵️

Cyber Security doesn't operate in a vacuum - here's a good example of where geopolitics starts to seep in at the edges: opalsec.io/is-cyber-a-legitima

Opalsec · Is "Cyber" a Legitimate Weapon in a Tariff War? Amidst the US-China trade war drama, would China actually pull the trigger on destructive cyber attacks using known footholds (think Volt & Salt Typhoon) in US critical infrastructure? Probably not, but expect a surge in cyber espionage and signaling campaigns targeting US telcos and leadership.

Earlier this month, #Trump issued 2 #ExecutiveOrders revoking the #security clearances of #ChrisKrebs, who led #CISA during Trump’s first term & rebutted his claims that the 2020 election had been rigged & stolen, & #MilesTaylor, who once served as chief of staff at the #DHS. Taylor anonymously wrote a NYT opinion essay in 2018 accusing Trump of rampant “amorality” & telling of an internal government “resistance.”

😅 CISA extends funding to ensure 'no lapse in critical CVE services' | @BleepingComputer

"The CVE Program is invaluable to cyber community and a priority of CISA," the U.S. cybersecurity agency told BleepingComputer. "Last night, CISA executed the option period on the contract to ensure there will be no lapse in critical CVE services. We appreciate our partners' and stakeholders' patience."

bleepingcomputer.com/news/secu

#cve #cisa #uspol

Extremely fine, and frightening account of how #DOGE most likely exfiltrated data from the systems of the National Labor Relations Board #NLRB:

»In the days after #Berulis and his colleagues prepared a request for #CISA's help investigating the breach, Berulis found a printed letter in an envelope taped to his door, which included threatening language, sensitive personal information and overhead pictures of him walking his dog, according to the cover letter attached to his official disclosure. It's unclear who sent it, but the letter made specific reference to his decision to report the breach.«

npr.org/2025/04/15/nx-s1-53558


The #FBI has shut down its #ForeignInfluence task force. #CISA has ended its efforts to expose #disinformation. And this week the #State Dept put employees who tracked global disinformation on leave, shutting down the effort that had publicized the spread of #Chinese & #Russian #propaganda.

Almost 3 months into #Trump’s 2nd term, the guardrails intended to prevent #NationalSecurity missteps have come down as the new team races to anticipate & amplify the wishes of an #unpredictable president.

'Stupid and Dangerous': #CISA Funding Chaos Threatens Essential #Cybersecurity Program

The #CVE Program is the primary way software #vulnerabilities are tracked. Its long-term future remains in limbo even after a last-minute renewal of the US government contract that funds it.

wired.com/story/cve-program-ci

WIRED · ‘Stupid and Dangerous’: CISA Funding Chaos Threatens Essential Cybersecurity Program · By Lily Hay Newman

#CISA warns of increased breach risks following #OracleCloud leak
This warning comes after #Oracle confirmed in email notifications sent to customers that a threat actor leaked credentials stolen from what the company described as "two obsolete servers."
However, Oracle added that its Oracle Cloud servers were not compromised, and the incident didn't impact its cloud services or customer data.
bleepingcomputer.com/news/secu