惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

aimingoo的专栏
aimingoo的专栏
Google DeepMind News
Google DeepMind News
S
SegmentFault 最新的问题
Project Zero
Project Zero
D
DataBreaches.Net
I
InfoQ
L
Lohrmann on Cybersecurity
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
酷 壳 – CoolShell
酷 壳 – CoolShell
Stack Overflow Blog
Stack Overflow Blog
The Register - Security
The Register - Security
Recorded Future
Recorded Future
Vercel News
Vercel News
博客园 - 司徒正美
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
I
Intezer
The Hacker News
The Hacker News
F
Fortinet All Blogs
Microsoft Azure Blog
Microsoft Azure Blog
P
Proofpoint News Feed
Help Net Security
Help Net Security
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Scott Helme
Scott Helme
T
Threatpost
爱范儿
爱范儿
N
Netflix TechBlog - Medium
D
Docker
云风的 BLOG
云风的 BLOG
C
Cisco Blogs
K
Kaspersky official blog
H
Help Net Security
S
Secure Thoughts
T
Threat Research - Cisco Blogs
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
S
Security @ Cisco Blogs
Cyberwarzone
Cyberwarzone
N
News and Events Feed by Topic
G
Google Developers Blog
Forbes - Security
Forbes - Security
博客园 - 三生石上(FineUI控件)
博客园 - 叶小钗
B
Blog
Google DeepMind News
Google DeepMind News
Recent Announcements
Recent Announcements
Simon Willison's Weblog
Simon Willison's Weblog
S
Securelist
P
Privacy International News Feed
Spread Privacy
Spread Privacy
The Last Watchdog
The Last Watchdog

The Register - Security: CSO

Anthropic's Mythos has The Kettle crew curious, skeptical 'People's Panel' to check if UK wants controversial Digital ID will cost £630K Top npm package backdoored to drop dirty RAT on dev machines Lightning-fast exploits mean patch fast, says Cisco Talos Lightning-fast exploits mean patch fast, says Cisco Talos Smooth criminals talking their way into cloud environments, Google says Cybercrime up 245% since the start of the Iran war Scattered Lapsus$ Hunters seeks women to defraud helpdesks Every day in every way, passwords are getting worse CISA quietly updated ransomware flags on 59 flaws last year Deepfake job seeker applied to work for an AI security firm Deepfake job seeker applied to work for an AI security firm AI-powered cyberattack kits are 'just a matter of time' AI-powered cyberattack kits are 'just a matter of time' FortiGate SSO bug still exploitable despite December patch FortiGate SSO bug still exploitable despite December patch Judge tosses CrowdStrike shareholder suit over 2024 outage DRAM shortage may drive firewall prices higher: analysts Ransomware attacks kept climbing in 2025 as gangs refused to stay dead Around 1,000 systems compromised in ransomware attack on Romanian water agency 1,000 systems pwned in Romanian Waters ransomware attack Half of exposed React servers remain unpatched amid attacks CISA warns spyware crews are breaking into Signal and WhatsApp accounts FCC guts Salt Typhoon telco rules despite espionage risk CISA orders feds to patch Oracle Identity Manager zero-day SEC drops SolarWinds lawsuit that painted a target on CISOs everywhere SEC bails on SolarWinds lawsuit Palo Alto kit sees massive surge in malicious activity amid mystery traffic flood Palo Alto kit sees massive surge in malicious activity Countries use cyber targeting to plan strikes: Amazon CSO Overconfidence is the new zero-day as teams stumble through cyber simulations UK's Cyber Security and Resilience Bill makes Parliamentary debut Cyber insurers paid out over twice as much for UK ransomware attacks last year Cyberpunks mess with Canada's water, energy, and farm systems Trump's workforce cuts blamed as America's cyber edge dulls Feds flag active exploitation of patched Windows SMB vuln How malware vaccines could stop ransomware's rampage Salesforce refuses to pay ransomware crims' extortion demand Germany slams brakes on EU's Chat Control snoopfest Germany slams brakes on EU's Chat Control snoopfest Employees regularly paste company secrets into ChatGPT Oracle tells Clop-targeted EBS users to apply July patch Red Hat repos raided, claims cybercrew, files stolen Suspected Chinese spies broke into 'numerous' enterprises UK gov acknowledges 'strong case' for JLR financial support JLR extends shutdown – again – as toll on workers laid bare UK chancellor blames cyberattacks on Russia despite evidence Fortra discloses 10/10 severity bug in GoAnywhere MFT Entra ID bug could have granted access to every tenant UEFI Secure Boot for Linux Arm64 – where do we stand? JLR says cyber cleanup to take additional week Insider blamed for FinWise data breach affecting nearly 700K Nork snoops whip up fake military ID with help from ChatGPT UK government dragged for incomplete security reforms Church of England abuse victims exposed by lawyer's email US spy chief claims UK backdown on Apple backdoor demand Workday confirms CRM breach via social engineering Black Hat/DEF CON: AI more useful for defense than hacking Ex-White House cyber guru talks Microsoft security fails CISA releases malware analysis for Sharepoint Server attack China: US spies used Microsoft Exchange 0-day to steal info Security pros drowning in threat-intel data Identity attacks surge 156% as phishermen get craftier Organizations can’t keep up with supply chain security musts Amazon CISO: Iranian hacking crews ‘on high alert’ UK data watchdog fines 23andMe £2.3M over 2023 breach Employers are demanding too much from junior cyber recruits FCA warned four staffers who pocketed regulator data Ransomware just wrecked your network – now what? Ivanti RCE attacks 'ongoing,' exploitation hits clouds Ex-NSA listened to Scattered Spider's calls: 'They're good' Snowflake CISO talks lessons learned from breaches, improv Why CVSS is failing us and what we can do about it Infosec pros still aren't nailing the basics of AI security Ransomware crims targeting systems between IT and operations Why aggregating asset inventory leads to better security NCSC and industry at odds over how to tackle shoddy software Powerschool extortionists may not have deleted stolen data CrowdStrike trims workforce by 5 percent, aims to rely on AI NSO Group must pay Meta $168M in WhatsApp spy case Ghost in the shell script: Boffins seek code correctness How Intruder finds what others miss in cloud security Linux malware can avoid syscall-based endpoint protection Infosec pro blabs about alleged malware mishap on LinkedIn The future of AI in cybersecurity in a word – optimistic CVE board 'kept in the dark' on funding, members say Security snafus caused by third parties up from 15% to 30% Blue Shield shared 4.7M people's health info with Google Ads Who needs phishing when your login's already in the wild? Bug hunter obtains an SSL cert for Alibaba Cloud in 5 steps
US cyber defenses are being dismantled from the inside
Steven J. Vaughan-Nichols · 2025-04-23 · via The Register - Security: CSO

OPINION We almost lost the Common Vulnerabilities and Exposures (CVE) database system, but that's only the tip of the iceberg of what President Trump and company are doing to US cybersecurity efforts.

When it comes to technology security, let's face it. We're lame and we're lazy. But we don't normally go out of our way to make it worse. Until now. Until President Donald Trump and his cohort of tech minions, better known as Elon Musk's Department of Government Efficiency (DOGE), took over.

You might think, if you're outside the US, who cares? Unfortunately, whether you like it or not, the US has long taken the lead in technical security.

Take, for example, the fact that we almost lost the Common Vulnerabilities and Exposures (CVE) database. Anyone familiar with cybersecurity will have heard of the CVE. It's the master list of essentially all security holes for the last 25 years.

As Jen Easterly, former director of the Cybersecurity and Infrastructure Security Agency (CISA), explained on LinkedIn: "It's the global catalog that helps everyone – security teams, software vendors, researchers, governments – organize and talk about vulnerabilities using the same reference system."

Without it, everyone is using a different catalog or no catalog at all, no one knows if they're talking about the same problem, and defenders waste precious time figuring out what's wrong. Worst of all, threat actors take advantage of the confusion.

How could such an important project go under? Easily. It wasn't funded. The group that oversees the CVE, CISA, had been targeted for staff cuts of over a third of its employees. In addition, CISA employees were given until midnight Monday to choose between staying on the job or resigning. So it was that the decision to extend the MITRE CVE contract didn't come until literally the 11th hour.

That contract will still run out in March 2026. Who knows if Trump et al will extend it again? Once upon a time, this kind of decision would be a no-brainer. I mean, all technology security, for better or worse, depends on the CVE system. Now? Your guess is as good as mine.

You can't depend on guesses when it comes to security.

The Trump administration's tenure, though, has already been marked by significant setbacks to US federal government technology security efforts, over and over again.

For example, General Timothy D. Haugh, the head of the National Security Agency (NSA) and US Cyber Command, was fired in early April. General Haugh was a pivotal figure in defending the nation's cyber infrastructure, especially noted for countering Russian interference dating back to the 2016 election. His dismissal, along with the removal of other senior cyber officials, has significantly weakened the country's cyber defense. Why? What was his offense? Laura Loomer, a far-right conspiracy theorist and Trump buddy, disliked him.

The administration has also systematically dismantled critical cybersecurity advisory bodies. Notably, the Cyber Safety Review Board (CSRB), established under the previous Biden administration to investigate major cyber incidents, was effectively disbanded by terminating all its members. This move halted investigations into significant cyberattacks, including the Chinese "Salt Typhoon" hacks.

Mind you, the Salt Typhoon attacks were also aimed at Trump and VP JD Vance, but for some reason, don't ask me why, they don't care. We already know that Trump is buddy-buddy with Russia, but China? The country he's having a major trade war with? This makes no sense to me.

So, who should be in charge of protecting the US's cyber resources? The state and local governments, would you believe?

According to Trump's Achieving Efficiency Through State and Local Preparedness executive order: "Preparedness is most effectively owned and managed at the State, local, and even individual levels, supported by a competent, accessible, and efficient Federal Government. Citizens are the immediate beneficiaries of sound local decisions and investments designed to address risks, including cyberattacks, wildfires, hurricanes, and space weather."

Part of that clearly sets the stage for getting rid of the Federal Emergency Management Administration (FEMA), but space weather!? Cyberattacks!!? Do you know how few real IT security experts are out there? Do you think all 50 states can hire enough? I don't. Oh, and let us not forget, cyberattacks aren't only made against, say, North Carolina and West Virginia, they hit everyone, everywhere. Fifty different groups trying to cope with state-sponsored elite hacking teams is too stupid for words.

Oh, and did I mention? Earlier in his tenure, Trump had cut funding for cybersecurity-specific federal grant programs. So, good luck hiring top-flight security mavens to protect your home state.

Let's also not forget the enemy inside. DOGE has access to sensitive federal systems. These include the Treasury Department's payment systems and the Social Security System. It appears that this data had been copied to God alone knows where and can now be accessed by people without the right to see or use it.

So not only has America's external cyber defenses been dismantled, but the data is out there for the greatest security attacks ever on individual citizens. 1.6 million people had their Social Security information stolen from an insurance company? That's so penny-ante.

The US will suffer the most from these self-inflicted security wounds, but the entire world will feel the pain. "Buckle up, we're in for a bumpy ride." ®