US government fibbing over FEMA security failings?
Briefly

"On August 29, the US Federal Emergency Management Agency fired its CISO, CIO, and 22 other staff for incompetence but insisted it wasn't in response to an online attack. According to DHS Secretary Kristi Noem, an audit found serious security problems at FEMA and revealed that "entrenched bureaucrats" had lied about the agency's security preparedness. "These deep-state individuals were more interested in covering up their failures than in protecting the Homeland and American citizens' personal data, so I terminated them immediately," she said."
"Crucially, Noem said no data had been lost but it appears that's not the case. According to a presentation passed to Nextgov, attackers broke into FEMA in June using stolen credentials to access a Citrix system. The attackers then uploaded data from FEMA's Region 6 servers, covering Arkansas, Louisiana, New Mexico, Oklahoma, and Texas. According to the documents, FEMA didn't discover the attack until July."
FEMA leadership dismissed multiple senior IT staff on August 29 amid findings of serious security failures and alleged cover-ups. Evidence indicates attackers used stolen credentials in June to access a Citrix system and exfiltrate data from FEMA Region 6 servers, with the intrusion not discovered until July. CISA issued guidance to patch against the CitrixBleed 2 vulnerability (CVSS 9.3), which can expose session tokens and bypass MFA; warnings were present in June. FEMA initiated a full IT personnel replacement, mandated password changes, and enforced multi-factor authentication. Separately, Palo Alto Networks GlobalProtect and PAN-OS systems experienced a surge in scanning attacks.
Read at The Register