Live intelligence feed
2698 collected events across every source — vulnerabilities, rulemaking and (soon) advisories, enforcement & news — newest first. This is the raw stream behind the compliance boards.
All sources
CISA KEV · 1644
NVD CVE · 609
News · 229
eCFR · 98
CISA advisory · 21
DoD CIO CMMC · 21
DC3 DCISE · 19
DOJ FCA · 16
Fed. Register · 11
DCSA · 10
Cyber AB docs · 10
NIST · 9
OIRA · 1
⊙ Subscribe (RSS)
this exact view — open in your feed reader
-
Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possible to upload any file extension to the server. The server does not verify the extension of the file and the tester was able to upload an aspx to the server.
-
In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., aspx) to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply...
-
The Accenture Federal Technology Vision addresses the five technology trends poised to have the greatest impact on how government operates over the next three years. Today, we look at Trend 5: From Me to We, which promises to place the ecosystem at the...
-
The Accenture Federal Technology Vision looks at five technology trends likely to have the most significant impact on how government operates over the next three years. Today, we look at Trend 4: Anywhere, Everywhere, considering the implications of...
-
The Accenture Federal Technology Vision examines the five technology trends poised to have the broadest impact on how government operates over the next three years. Today, we consider Trend 3: I, Technologist, which looks at how technology can unlock human...
-
The Accenture Federal Technology Vision highlights the five technology trends poised to have the most significant impact on how government operates over the next three years. Today, we look at Trend 2: Mirrored World, which promises to drive improvements...
-
The Accenture Federal Technology Vision addresses the five technology trends poised to have the most significant impact on how government operates over the next three years. Today, we look at Trend 1: Stack Strategically as it promises to be a game-changer...
-
Even before the COVID-19 pandemic, technology was establishing itself as a driving force in government, with cloud computing, artificial intelligence, automation, and other advances changing the way agencies meet the mission. The pandemic accelerated all...
-
Rather than focus on a single topic or recent news event in this column, let’s talk about a number of important Federal government management matters. Think of it as the good government version of Chris Berman's complete NFL highlights coverage in 60 seconds...
-
As we have seen with recent security breaches – including the SolarWinds attack – it can be challenging for Federal security leaders to effectively detect cyber threats across their networks. In the last few decades, private sector organizations have...
-
The bipartisan infrastructure agreement announced with much fanfare by the White House and a handful of Democratic and Republican senators on June 24 remains a feel-good topic in the nation’s Capitol – after all, who doesn’t like the old-fashioned notion...
-
252.204-7023 Reporting Requirements for Contracted Services.
-
252.204-7018 Prohibition on the Acquisition of Covered Defense Telecommunications Equipment or Services.
-
Like many before him, President Biden seems to recognize that a crisis presents both danger and opportunity. Facing a barrage of high-profile cyberattacks, the President’s recent Cybersecurity Executive Order also illustrates the profound opportunity in...
-
Many of us are going back to work in person – and this includes the Federal government. The Office of Management and Budget (OMB), Office of Personnel Management (OPM), and General Services Administration (GSA) announced on June 10 that the 25 percent...
-
For decades, Federal chief information security officers (CISOs) focused on protecting a traditional perimeter and the users within. Today, however, they recognize that there are a seemingly endless number of third-party partners, vendors, and customer...
-
The old adage “consistency is key” rings especially true for Federal cybersecurity operations centers (CSOCs) today. Agencies who pay close attention to their operations center but lack visibility and control of cybersecurity blind spots – specifically...
-
Earlier this month, in a May 6 column, I offered up a President’s Management Agenda framework – PMA 46 – for the Biden-Harris Administration as we awaited the full FY 2022 budget proposal, which was publicly released today. While the so-called...
-
252.204-7017 Prohibition on the Acquisition of Covered Defense Telecommunications Equipment or Services - Representation.
-
252.204-7007 Alternate A, Annual Representations and Certifications.
-
252.204-7022 Expediting Contract Closeout.
-
It is hard to believe that we are coming up on a year of living with COVID-19. In February 2020, countries around the world were beginning to institute travel restrictions, and organizations were shifting large portions of their teams to working from home....
-
BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprinting, internal port scanning, Server Side Request Forgery...
-
The Biden administration – less than four months after taking office – has thus far developed a reputation for going “big” with its policy and spending aims.
-
In Node.js mixme, prior to v0.5.1, an attacker can add or alter properties of an object via '__proto__' through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the...
-
A billion of anything isn’t quite what it used to be, but it’s still a lot. And when that billion is dollars for the Technology Modernization Fund (TMF) – a great vehicle that has been underutilized because of low funding levels and strict repayment rules...
-
President Biden on April 9 released a massive $1.52 trillion fiscal year 2022 spending plan that reflects his vision of an expanded – and expansive – Federal government that boosts spending for domestic programs and addresses issues such as education,...
-
Digital identities are becoming increasingly important elements of today’s connected infrastructure across the public sector. Boosted by the growth in remote working over the past year, protecting their integrity is key to securing critical IT systems and...
-
Disinformation is undoubtedly on more people’s radars – Federal IT pros included – heading into 2021 and beyond. But just because we know more about it doesn’t mean we are better prepared to face the challenge that disinformation is posing.
-
The United States was once a leader in the collection and utilization of public health data. As the COVID-19 pandemic wears on, the United States must resume its leadership in this domain.
-
A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request.
-
A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request.
-
With many states admitting to substantial fraudulent payments due to poor management and problematic unemployment insurance (UI) application systems, what are they doing about fraud in other state programs that collectively make up another giant elephant...
-
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.
-
PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in /browse.jsp. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
-
While the latest Federal Information Technology Acquisition Reform Act (FITARA) scorecard shows all agencies have passing total scores, not one agency’s Cyber score changed from the FITARA 10.0 scorecard issued earlier in 2020.
-
252.204-7018 Prohibition on the Acquisition of Covered Defense Telecommunications Equipment or Services.
-
We're excited to welcome Joe Biden, the 46th President, to office.
-
EgavilanMedia ECM Address Book 1.0 is affected by SQL injection. An attacker can bypass the Admin Login panel through SQLi and get Admin access and add or remove any user.
-
With the Solarwinds breach and CDM budget shortfall, it's never been more important to communicate the importance of cyber security to the Hill and appropriators. Time to change the menu to increase the appetite for cyber security investment.