A phishing campaign by the Russian actor known as Nobelium impersonated the United States Agency for International Development while targeting government agencies and humanitarian groups.
The requirement for vendors to provide a software bill of materials for the apps they sell to federal agencies will only address part of the supply chain risk, experts say.
CISA and other federal agencies are expanding their incident response capacities, but there is discussion of tapping into private sector resources during major incidents.
The attack on Colonial Pipeline has focused the attention of the FBI and White House on the DarkSide ransomware developers and its operators.
The DarkSide ransomware hit the Colonial Pipeline on Friday, forcing the company to take its main distribution lines offline to recover.