Category: Agency News

First Interoperability Milestone Achieved: sBMS and VIS4EES Go Live

Agency News, Cyber Security CII sector, Industry News
eu-LISA has successfully launched the shared Biometric Matching Service (sBMS), the EU’s central biometric matching system, and upgraded the Visa Information System (VIS4EES). These two systems mark the completion of the first milestone of the Interoperability Roadmap, ensuring that Member States and EU Agencies are well prepared for future developments.
The technical activities enabling the go-live were carried out overnight by eu-LISA experts, in collaboration with external partners. Both systems are now fully operational and accessible to Member States and competent EU Agencies.
The Visa Information System (VIS) is a large-scale IT system that supports the implementation of the EU’s common visa policy and facilitates checks at external borders. It allows Schengen States to exchange data on short-stay visas and connects consulates in non-EU countries with border crossing points. The upgraded VIS4 introduces enhanced functionalities, improved performance, and greater readiness for future interoperability.
The shared Biometric Matching Service (sBMS) is a centralised system that stores and compares biometric data—such as fingerprints and facial images—across multiple EU information systems. As the first operational component of the interoperability architecture, sBMS enables biometric searches and identity checks across systems, contributing to the accuracy, security, and efficiency of EU border and migration management.
Together, VIS4 and sBMS represent a major step forward in reinforcing the EU’s external border security. They constitute the first operational element of interoperability and lay the groundwork for the upcoming integration of the Entry/Exit System (EES).
Leave a comment

Network Monitoring Program Needs Further Guidance and Actions

Agency News, Cyber Security CII sector, Industry News
The Department of Homeland Security's Continuous Diagnostics and Mitigation (CDM) program gives agencies cybersecurity tools to strengthen the networks and systems they use to meet their missions.
A key aspect of a rigorous cybersecurity program is continuously monitoring networks and systems to identify and manage risks. Consistent with the FISMA requirement for agency network monitoring, the CISA-led CDM program provides tools to agencies to assist in this effort.
FISMA includes a provision for GAO to periodically report on agencies' implementation of the act. Among its objectives, this report examines the extent to which the CDM program is (1) meeting its goals, and (2) supporting other federal cybersecurity initiatives.
While the program has met two of its goals, it lacks sufficient guidance for managing network security and data protection. The program generally supports government-wide cybersecurity initiatives, but DHS's Cybersecurity and Infrastructure Security Agency hasn't finalized all plans for how CDM can provide support. For example, the agency hasn't fully updated the program's cloud asset management guidance.
The Department of Homeland Security (DHS) established the Continuous Diagnostics and Mitigation (CDM) program in 2012 to strengthen the cybersecurity of government networks and systems. Its goals are to: (1) reduce exposure to insecure configurations or known vulnerabilities; (2) improve federal cybersecurity response capabilities; (3) increase visibility into the federal cybersecurity posture; and (4) streamline Federal Information Security Modernization Act of 2014 (FISMA) reporting. The Cybersecurity and Infrastructure Security Agency (CISA) manages these goals across four capability areas (see figure). The program is meeting two of its four goals and partially meeting the other two, as discussed below.
CDM has met two goals. First, it is reducing exposure to insecure configurations and known vulnerabilities—22 of 23 agencies reported that the program was helpful in accomplishing this. CDM is also meeting its incident response capability goal.
The program, however, has been less successful in meeting the other two goals.
Although CISA developed dashboards to visualize and provide insight to the federal cybersecurity posture and the associated capability areas noted above, officials from 21 of 23 agencies stated that they had not yet fully implemented network security and data protection capabilities. Several agencies cited a lack of guidance as contributing to the slow implementation.
While officials from four agencies stated that CDM helped to automate FISMA reporting, officials from seven other agencies said that data quality issues were adversely affecting efforts to streamline reporting leading to manual updates to correct data errors.
Regarding supporting other initiatives, the Office of Management and Budget (OMB) established expectations that CDM would support federal cybersecurity efforts on zero trust architecture, endpoint detection and response, and cloud asset management. CDM has generally met expectations for the zero trust architecture program. However, CISA had not finalized key activities to support endpoint detection and cloud asset management. CISA's actions to implement an endpoint solution for all agencies and issue updated guidance on cloud asset management would improve the cybersecurity posture of federal agencies.
GAO selected for review the 23 civilian agencies covered in the Chief Financial Officers Act of 1990 (CFO Act). GAO compared CDM program documentation against relevant guidance, and summarized survey results from the 23 civilian CFO Act agencies. GAO also interviewed CISA and OMB officials.
GAO is making four recommendations to DHS and CISA to (1) issue guidance on implementing network security and data protection capabilities, (2) address data quality issues, (3) implement an endpoint solution, and (4) issue updated guidance on cloud asset management. DHS, on behalf of CISA, concurred with the recommendations.
Leave a comment

DDoS-for-hire empire brought down: Poland arrests 4 administrators, US seizes 9 domains

Agency News, Cyber Security CII sector, Industry News
In the latest blow to the criminal market for distributed denial of service (DDoS)-for-hire services, Polish authorities have arrested four individuals who allegedly ran a network of platforms used to launch thousands of cyberattacks worldwide. The suspects are believed to be behind six separate stresser/booter services that enabled paying customers to flood websites and servers with malicious traffic — knocking them offline for as little as EUR 10.
The now defunct platforms – Cfxapi, Cfxsecurity, neostress, jetstress, quickdown and zapcut – are thought to have facilitated widespread attacks on schools, government services, businesses, and gaming platforms between 2022 and 2025.
The platforms offered slick interfaces that required no technical skills. Users simply entered a target IP address, selected the type and duration of attack, and paid the fee — automating attacks that could overwhelm even well-defended websites.
Global law enforcement response
The arrests in Poland were part of a coordinated international action involving law enforcement authorities in 4 countries, with Europol providing analytical and operational support throughout the investigation.
Dutch authorities have deployed fake booter sites designed to warn users seeking out DDoS-for-hire services, reinforcing the message that those who use these tools are being watched and could face prosecution. Data from booter websites, seized by Dutch law enforcement in data centres in the Netherlands, was shared with international partners, including Poland, contributing to the arrest of the four administrators.
The United States seized 9 domains associated with booter services during the coordinated week of action, continuing its broader campaign against commercialised DDoS platforms.
Germany supported the Polish-led investigation by helping identify one of the suspects and sharing critical intelligence on others.
What are stresser and booter services?
Stresser and booter services offer on-demand cyberattacks, often disguised as tools for legitimate testing but widely used to cause deliberate disruption. These services let users flood a target server or website with enormous volumes of fake traffic, making them inaccessible to real users – a technique known as distributed denial of service.
Unlike traditional botnets, which require the control of large numbers of infected devices, stresser/booter services industrialise DDoS attacks through centralised, rented infrastructure. They are often advertised on underground forums and the dark web, and transactions are typically anonymised.
This coordinated action is part of Operation PowerOFF, an ongoing international law enforcement effort targeting the infrastructure behind DDoS-for-hire activity.
Leave a comment

New Best Practices Guide for Securing AI Data Released

Agency News, Cyber Security CII sector, Industry News

CISA, the National Security Agency, the Federal Bureau of Investigation, and international partners released a joint Cybersecurity Information Sheet on AI Data Security: Best Practices for Securing Data Used to Train & Operate AI Systems.

This information sheet highlights the critical role of data security in ensuring the accuracy, integrity, and trustworthiness of AI outcomes. It outlines key risks that may arise from data security and integrity issues across all phases of the AI lifecycle, from development and testing to deployment and operation.

Defense Industrial Bases, National Security Systems owners, federal agencies, and Critical Infrastructure owners and operators are encouraged to review this information sheet and implement the recommended best practices and mitigation strategies to protect sensitive, proprietary, and mission critical data in AI-enabled and machine learning systems. These include adopting robust data protection measures; proactively managing risks; and strengthening monitoring, threat detection, and network defense capabilities.

As AI systems become more integrated into essential operations, organizations must remain vigilant and take deliberate steps to secure the data that powers them.

Leave a comment

Primary Mitigations to Reduce Cyber Threats to Operational Technology

Agency News, Cyber Security CII sector, Industry News
The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Environmental Protection Agency (EPA), and Department of Energy (DOE)—hereafter referred to as “the authoring organizations”—are aware of cyber incidents affecting the operational technology (OT) and industrial control systems (ICS) of critical infrastructure entities in the United States. The authoring organizations urge critical infrastructure entities to review and act now to improve their cybersecurity posture against cyber threat activities specifically and intentionally targeting internet connected OT and ICS.
Mitigations
The authoring organizations recommend critical infrastructure asset owners and operators implement the following mitigations[1] to defend against OT cyber threats.
- Remove OT connections to the public internet. OT devices are easy targets when connected to the internet. OT devices lack authentication and authorization methods that are resistant to modern threats and are quickly found by searching for open ports on public IP ranges with search engine tools to target victims with OT components [CPG 2.X].
- Cyber threat actors use simple, repeatable, and scalable toolsets available to anyone with an internet browser. Critical infrastructure entities should identify their public-facing assets and remove unintentional exposure.
- Change default passwords immediately and use strong, unique passwords. Recent analysis of this cyber activity indicates that targeted systems use default or easily guessable (using open source tools) passwords. Changing default passwords is especially important for public-facing internet devices that have the capability to control OT systems or processes [CPG 2.A][CPG 2.B][CPG 2.C].
- Secure remote access to OT networks. Many critical infrastructure entities, or contractors working on their behalf, make risk-based tradeoffs when implementing remote access to OT assets. These tradeoffs deserve careful reevaluation. If remote access is essential, upgrade to a private IP network connection to remove these OT assets from the public internet and use virtual private network (VPN) functionality with a strong password and phishing-resistant multifactor authentication (MFA) for user remote access.
- Document and configure remote access solutions to apply principles of least privilege for the specific asset and user role or scope of work [CPG 2.H]. Further, disable dormant accounts.
- Segment IT and OT networks. Segmenting critical systems and introducing a demilitarized zone for passing control data to enterprise logistics reduces the potential impact of cyber threats and reduces the risk of disruptions to essential OT operations [CPG 2.F].
- Practice and maintain the ability to operate OT systems manually. The capability for organizations to revert to manual controls to quickly restore operations is vital in the immediate aftermath of an incident. Business continuity and disaster recovery plans, fail-safe mechanisms, islanding capabilities, software backups, and standby systems should all be routinely tested to ensure safe manual operations in the event of an incident.
The authoring organizations recommend that critical infrastructure organizations regularly communicate with their third-party managed service providers, system integrators, and system manufacturers who may be able to provide system-specific configuration guidance as they work to secure their OT.
- Misconfigurations may be introduced during standard operations, by the system integrator, by a managed service provider, or as part of the default product configuration by the system manufacturer. Working with the relevant groups to address these issues may prevent future unintentional vulnerabilities from being introduced.
Leave a comment

CISA and Partners Issue Fast Flux Cybersecurity Advisory

Agency News, Cyber Security CII sector, Industry News
The Cybersecurity and Infrastructure Security Agency (CISA) joined the National Security Agency (NSA) and other government and international partners to release a joint Cybersecurity Advisory (CSA) that warns organizations, internet service providers (ISPs), and cybersecurity service providers about fast flux enabled malicious activities that consistently evade detection. The CSA also provides recommended actions to defend against fast flux.
An ongoing threat, fast flux networks create resilient adversary infrastructure used to evade tracking and blocking. Such infrastructure can be used for cyberattacks such as phishing, command and control of botnets, and data exfiltration. This advisory provides several techniques that should be implemented for a multi-layered security approach including DNS and internet protocol (IP) blocking and sinkholing; enhanced monitoring and logging; phishing awareness and training for users; and reputational filtering.
 "Threat actors leveraging fast flux techniques remain a threat to government and critical infrastructure organizations. Fast flux makes individual computers in a botnet harder to find and block. A useful solution is to find and block the behavior of fast flux itself,” said CISA Deputy Executive Assistant Director for Cybersecurity Matt Hartman. “CISA is pleased to join with our government and international partners to provide this important guidance on mitigating and blocking malicious fast flux activity. We encourage organizations to implement the advisory recommendations to reduce risk and strengthen resilience."
The authoring agencies encourage ISPs, cybersecurity service providers and Protective Domain Name System (PDNS) providers to help mitigate this threat by taking proactive steps to develop accurate and reliable fast flux detection analytics and block fast flux activities for their customers.
Additional co-sealers for this joint CSA are Federal Bureau of Investigation (FBI), Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), Canadian Centre for Cyber Security (CCCS), and New Zealand National Cyber Security Centre (NCSC-NZ).
Leave a comment

More than 300 arrests as African countries clamp down on cyber threats

Agency News, Cyber Security CII sector, Industry News
Authorities in seven African countries have arrested 306 suspects and seized 1,842 devices in an international operation targeting cyber attacks and cyber-enabled scams.
The arrests were made as part of Operation Red Card (November 2024 – February 2025) which aims to disrupt and dismantle cross-border criminal networks which cause significant harm to individuals and businesses. In particular, the operation targeted mobile banking, investment and messaging app scams. The cases uncovered during the operation involved more than 5,000 victims.
As part of the crackdown, Nigerian police arrested 130 people, including 113 foreign nationals, for their alleged involvement in cyber-enabled scams such as online casino and investment fraud. The suspects, who converted proceeds to digital assets to conceal their tracks, were recruited from different countries to run the illegal schemes in as many languages as possible. Nigerian authorities have established that some of the people working in the scam centres may also be victims of human trafficking, forced or coerced into criminal activities. Overall, the investigation led to the seizure of 26 vehicles, 16 houses, 39 plots of land and 685 devices.
In a significant case from South Africa, authorities arrested 40 individuals and seized more than 1,000 SIM cards, along with 53 desktops and towers linked to a sophisticated SIM box fraud scheme. This setup, which reroutes international calls as local ones, is commonly used by criminals to carry out large-scale SMS phishing attacks.
In Zambia, officers apprehended 14 suspected members of a criminal syndicate that hacked into victims’ phones. The scam involved sending a message containing a malicious link which, when clicked, installed malware to the device. This allowed hackers to take control of the messaging account, and ultimately the phone, giving them access to banking apps. The hackers were also able to use the victim’s messaging apps to share the malicious link within conversations and groups, enabling the scam to spread.
During the operation, Rwandan authorities arrested 45 members of a criminal network for their involvement in social engineering scams that defrauded victims of over USD 305,000 in 2024 alone. Their tactics included posing as telecommunications employees and claiming fake ‘jackpot’ wins to extract sensitive information and gain access to victims’ mobile banking accounts. Another method involved impersonating an injured family member to ask relatives for financial assistance towards hospital bills. Overall, USD 103,043 was recovered and 292 devices were seized.
Leave a comment

Tackling cybercrime: common challenges and legislative solutions identified by Europol and Eurojust

Agency News, Cyber Security CII sector, Industry News
The latest joint report by Europol and Eurojust, Common Challenges in Cybercrime, explores the persistent and emerging issues that hinder cybercrime investigations. This year’s edition not only identifies key obstacles—particularly in the field of digital evidence—but also examines how new legislative measures could help address them.
The report highlights several pressing challenges faced by law enforcement, including the overwhelming volume of digital data, the risk of data loss, and the persistent barriers to accessing critical information due to legal and technical constraints. The increasing use of anonymisation services has further complicated efforts to track criminal activities online.
To help mitigate these challenges, the report explores the impact of new EU legislative tools, such as the e-Evidence Package, the Digital Services Act, and the EU AI Act. These instruments aim to facilitate data access, improve cross-border cooperation, and enhance investigative capabilities. However, their effectiveness will largely depend on how they are implemented and integrated into existing operational strategies.
The report also underscores the value of the strategic cooperation between Europol and Eurojust, highlighting initiatives such as the SIRIUS Project, which has strengthened collaboration in cybercrime investigations. These efforts continue to play a crucial role in helping law enforcement agencies navigate an increasingly complex digital landscape.
While challenges remain, the report emphasises the potential of these new legislative measures to strengthen the fight against cybercrime. Equipping law enforcement with the right tools and ensuring their effective use in investigations will be key to staying ahead of evolving cyber threats.
Leave a comment

NSA, CISA, FBI, and International Partners Release Cybersecurity Advisory on “Fast Flux,” a National Security Threat

Agency News, Industry News

CISA—in partnership with the National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), Canadian Centre for Cyber Security (CCCS), and New Zealand’s National Cyber Security Centre (NCSC-NZ)—released joint Cybersecurity Advisory Fast Flux: A National Security Threat (PDF, 841 KB). This advisory warns organizations, internet service providers (ISPs), and cybersecurity service providers of the ongoing threat of fast flux enabled malicious activities and provides guidance on detection and mitigations to safeguard critical infrastructure and national security.

“Fast flux” is a technique used to obfuscate the locations of malicious servers through rapidly changing Domain Name System (DNS) records associated with a single domain name. This threat exploits a gap commonly found in network defenses, making the tracking and blocking of malicious fast flux activities difficult.

The authoring agencies strongly recommend adopting a multi-layered approach to detection and mitigation to reduce risk of compromise by fast flux-enabled threats. Service providers, especially Protective DNS providers (PDNS), should track, share information about, and block fast flux as part of their provided cybersecurity services. Government and critical infrastructure organizations should close this ongoing gap in network defenses by using cybersecurity and PDNS services that block malicious fast flux activity.

Leave a comment

ITU and ESA agree on optimising satellite communications

Agency News, Cyber Security CII sector, Industry News

The International Telecommunication Union (ITU) and the European Space Agency (ESA) have announced a collaborative effort to improve mitigation measures against harmful interference in satellite systems.

The joint initiative, reflecting United Nations objectives under the 2030 Agenda for Sustainable Development, aims to ensure the sustainable and efficient use of limited space-based communication resources.

Both organisations recognise growing complexities in managing finite spectrum and orbital resources. An agreement signed in Barcelona, Spain, formalises their plans for closer cooperation on key issues for global digital communications.

Under the agreement, ITU and ESA will work together on:

  • Sustainable and efficient spectrum use: Ensuring that radio frequency spectrum for satellite systems is utilised in a responsible and effective manner.
  • Development of space-based monitoring technologies: Exploring and potentially developing advanced technologies for monitoring the use of radio frequencies to identify and geolocate sources of harmful interference.
  • Exchange of information and expertise: Facilitating knowledge-sharing between the two organisations to enhance space communication systems and regulatory frameworks.

Space-based communication technologies are increasingly crucial for global connectivity, scientific research, and emergency response systems. At the same time, growing numbers of satellites and increasing risks of signal interference necessitate innovative, increasingly complex, and highly coordinated spectrum management solutions.

“Innovation and regulations are key to facilitate and preserve access to spectrum-orbit resources free from harmful interference,” said Mario Maniewicz, Director of ITU Radiocommunications Bureau. “This agreement is the first step towards a series of joint ESA-ITU efforts to ensure sustainability of space radio-communications systems.”

Preserving radio waves for all

ITU, as the UN specialised agency for information and communication technologies, has long been at the forefront of coordination among countries and regions on radio frequencies and satellite orbits worldwide. ITU Resolution 189 (Rev. Bucharest, 2022) emphasises the importance of transparency and confidence-building in outer space activities.

ESA, an intergovernmental organisation established in 1975, supports space research and technology development for peaceful and scientific purposes. Together, ITU and ESA aim to strengthen international efforts in satellite monitoring and interference mitigation, ensuring reliable and sustainable access to satellite communication services worldwide.

“Promoting the responsible use of spectrum and preserving it from interferences is key to ensure the viability of our operators and ultimately the service delivered to their customers,” said Laurent Jaffart, ESA’s Director of Connectivity and Secure Communications. “Together with ITU, we will promote the importance of ensuring the sustainability of this limited and valuable resource and will collaborate towards establishing good practices for its responsible use for the benefit of society and businesses.”

A step towards a sustainable digital future

By combining their expertise and resources, ITU and ESA could set a precedent for enhanced cooperation in the field of satellite communications.

“The shared commitment to responsible spectrum management and technological innovation marks a significant step toward a sustainable digital future for everyone,” said Mr Maniewicz. “This initiative underscores the importance of international collaboration in addressing the challenges and opportunities presented by space technologies.”

Maniewicz and Jaffart signed for their respective organisations at the Mobile World Congress (MWC2025 Barcelona).

As the demand for satellite-based services continues to grow, partnerships like this will help maintain the integrity and accessibility of global communication networks.

ITU and ESA have reaffirmed their dedication to a future where space technologies contribute positively to societal progress and sustainable development.

Leave a comment
1 2 3 42