Government officials talked about how agencies have partnered to address election security, the SolarWinds cyberattack and the Hafnium threat group's exploitation of Exchange servers.
The supply chain attack against 3CX may have been planned for more than a year, and such intrusions are the best return on investment for attackers, researchers say.
The Biden administration issued new guidance on software supply chain security for federal agencies, which includes requirements for self-attestations and SBOMs.
APT29, the threat actor linked to the SolarWinds hack, is abusing various Azure features in recent attacks against organizations that influence the foreign policy of NATO countries.
Researchers have linked a malware loader, called CeeLoader, to the threat group behind the SolarWinds supply-chain attack.