Federal Agency Breach: 24 Staff Fired After Attack

A national emergency management agency fired its CIO, CISO, and over 20 other staff members following a significant cybersecurity incident. Attackers reportedly used compromised credentials to breach a Citrix system, exfiltrating data from regional servers. The breach, which went undiscovered for weeks, is suspected to be linked to a widely exploited Citrix vulnerability. Officials stated the dismissals were due to incompetence and attempts to cover up severe security failures like a lack of multi-factor authentication. Following the incident, the agency mandated password changes and is restructuring its IT operations to address the security lapses.

Latest mentioned: 10-06

Earliest mentioned: 09-29

Sources

theregister.com nextgov.com

Also Read

PolarEdge ORB Network Unveiled: 25,000 IoT Devices Compromised

XLab has discovered RPX_Client, a new module in the PolarEdge ORB network, which hijacks IoT devices for global proxy operations. The malware, distributed via IP address 111.119.223.196, onboards infected devices into the PolarEdge proxy pool, providing relay services and executing remote commands. Over 25,000 devices have been compromised, primarily network video recorders and routers. The command-and-control infrastructure includes 140 active RPX_Server nodes, using a PolarSSL test certificate and listening on port 55555. The RPX_Client module functions as a relay agent, disguising its process name and maintaining configuration data encrypted via XOR. The malware maintains two persistent C2 channels for registration, proxy services, and remote command execution.

10-31Read more →