U.S. federal agencies told to patch hundreds of security bugs

Zack Whittaker

The Biden administration has ordered nearly all federal agencies to patch hundreds of security bugs, some of which were first found the best part of a decade ago.

The new binding operational directive, issued by the Cybersecurity and Infrastructure Security Agency on Wednesday, gives federal agencies six months to fix more than 300 security vulnerabilities that it has identified as carrying "significant risk" to their networks. Agencies have just two weeks to fix the more recent bugs from 2021, the directive said.

CISA said these security bugs, some of which date back to 2014 and 2015, are a "frequent attack vector" for cybercriminals targeting federal agencies.

The directive, first reported by The Wall Street Journal, applies to most civilian federal agencies, but carves out exceptions for networks run by the military and under the Defense Department or the intelligence community, which are managed separately.

Federal agencies are largely left to manage their own cybersecurity efforts, like rolling out security patches. In 2015, federal agencies were first mandated to fix "critical" security bugs within a month of public disclosure, and in 2019 that was expanded to include fixes for high-severity bugs as well.

But the government's own watchdog has said some federal agencies still struggle with the cybersecurity basics. According to the Journal, many of the bugs in the new directive weren't previously covered, a tacit nod to how seemingly less-impactful bugs can still cause significant damage or disruption if exploited.

"The Directive lays out clear requirements for federal civilian agencies to take immediate action to improve their vulnerability management practices and dramatically reduce their exposure to cyber attacks," said CISA Director Jen Easterly in a statement.

"While this Directive applies to federal civilian agencies, we know that organizations across the country, including critical infrastructure entities, are targeted using these same vulnerabilities. It is therefore critical that every organization adopt this Directive and prioritize mitigation of vulnerabilities listed in CISA’s public catalog," said Easterly.

Rep. Jim Langevin, a member of the House Armed Services' subcommittee on cyber, said the CISA directive "will go a long way towards strengthening network security and improving our federal cyber hygiene."
