The Department of Defense confirmed it has not experienced a widespread breach related to Microsoft SharePoint. Katie Arrington, the chief information officer, mentioned ongoing forensic investigations and daily communications with Microsoft since the recent vulnerability was found. Several federal agencies, including the Departments of Energy, Homeland Security, and Education, have faced potential compromises. While Chinese state-aligned groups are suspected in some hacking activities, no evidence of data exfiltration has emerged at DHS. Immediate action and patch deployment in response to zero-day vulnerabilities are emphasized as critical measures against ongoing threats from state actors.
As of right now, no, not that I'm aware of," Katie Arrington said at the ATO and Cloud Security Summit Thursday. Arrington said she's been doing daily calls with Microsoft while the department has been conducting forensics investigations since the 'zero-day' vulnerability was publicly identified this past weekend.
DHS issued a statement that its investigation into the hack remains ongoing but "there is no evidence of data exfiltration at DHS or any of its components at this time.
When zero-day vulnerabilities - which have not been previously uncovered and therefore give developers zero days to patch them - are found, cybersecurity professionals need to act immediately and apply those patches.
"Russia, China, Iran, North Korea, are they going to continue? Yes. Are they going to look for any hole that they can find? Yes."
Collection
[
|
...
]