Advertise

Attacks/Breaches

1/29/2010
09:05 AM

Dark Reading
Products and Releases

0 comments
Comment Now

50%

Speaker Pelosi And Boehner Send Letter To CAO On Protecting House Web Sites From Being Hacked

Legislators request 'immediate and comprehensive assessment of how hackers were able to deface the websites of nearly fifty House Members and Committees'

WASHINGTON, Jan. 28 /PRNewswire-USNewswire/ --Speaker Nancy Pelosi and Republican Leader John Boehner sent the following letter this afternoon to Chief Administrative Officer Daniel Beard requesting "an immediate and comprehensive assessment of how hackers were able to deface the websites of nearly fifty House Members and Committees last night."

The full text of the letter is below.

January 28, 2010

The Honorable Daniel P. Beard Chief Administrative Officer U.S. House of Representatives Washington, DC 20515

Dear Mr. Beard:

We request that you initiate an immediate and comprehensive assessment of how hackers were able to deface the websites of nearly fifty House Members and Committees last night.

In the past, we jointly requested that your office review and tighten cybersecurity protections designed to ensure that congressional offices and committees are safeguarded from unauthorized intrusions. We appreciate the efforts you and your cybersecurity team have taken to tighten firewalls, as well as more recent efforts to ensure that official mobile communications devices are secure from hacking and other intrusions.

However, last night's actions indicate that further review of security procedures are needed. From initial reports, these intrusions appear to be related to one website vendor which has had previous security failures. While many Members have expressed satisfaction with the vendor in question, this is the second time in a year websites hosted and supported by this vendor have been compromised. We therefore request that your office work with the Committee on House Administration to review the security standards for House vendors and to assess whether this vendor, and others, have adhered to those standards. We also request that you take immediate action to protect against breaches of the House firewalls and to ensure website security of all House offices.

Thank you for your attention to this matter.

Sincerely, ---------- NANCY PELOSI JOHN BOEHNER ---------------------------------------------- Speaker Republican Leader -----------------------------------------------------------

Cc: The Honorable Robert A. Brady Chairman, Committee on House Administration -------------------------------------------

The Honorable Dan Lungren Ranking Member, Committee on House Administration

Comment |

Email This |

Print |

RSS

More Insights

Webcasts

People Are The Most Important Part of Autonomous SOC

Don't Miss This Cybersecurity Virtual Event

More Webcasts

White Papers

7 Experts on Implementing Microsoft Defender for Endpoint

Simplify Your Application Security

More White Papers

Reports

Enabling Enterprise Resiliency Through Cyberthreat Detection

How Data Breaches Affect the Enterprise (2020)

More Reports

Comments

Newest First | Oldest First | Threaded View

[close this box]

Be the first to post a comment regarding this story.

Editors' Choice

How SolarWinds Busted Up Our Assumptions About Code Signing

Dr. Jethro Beekman, Technical Director, 3/3/2021

'ObliqueRAT' Now Hides Behind Images on Compromised Websites

Jai Vijayan, Contributing Writer, 3/2/2021

Attackers Turn Struggling Software Projects Into Trojan Horses

Robert Lemos, Contributing Writer, 2/26/2021

Live Events

Webinars

Communications & Collaboration: 2024 (March 9-10)

The Future of Authentication - Interop Digital April 29

Network Security for 2021 and Beyond (April 29)

More Informa Tech Live Events

White Papers

7 Experts on Implementing Microsoft Defender for Endpoint

A Guide to Build vs Buy Service Models for Threat Detection and Response

Simplify Your Application Security

The State of Endpoint Security

The Psychology of Cyber: How Micro-Drilling Enhances Crisis Response

More White Papers

Cartoon Contest

Write a Caption, Win an Amazon Gift Card! Click Here

Latest Comment: This comment is waiting for review by our moderators.

Cartoon Archive

Current Issue

2021 Top Enterprise IT Trends

We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

How Enterprises are Developing Secure Applications

Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.

Download Now!

Assessing Cybersecurity Risk in Today's Enterprises

0 comments

The Malware Threat Landscape

0 comments

How Data Breaches Affect the Enterprise (2020)

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2021-21360
PUBLISHED: 2021-03-09

Products.GenericSetup is a mini-framework for expressing the configured state of a Zope Site as a set of filesystem artifacts. In Products.GenericSetup before version 2.1.1 there is an information disclosure vulnerability - anonymous visitors may view log and snapshot files generated by the Generic ...

CVE-2021-21361
PUBLISHED: 2021-03-09

The `com.bmuschko:gradle-vagrant-plugin` Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious actors. This is fixed...

CVE-2021-24033
PUBLISHED: 2021-03-09

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts (in Create React App projects), where the usage is safe. Only when this function is manually invoke...

CVE-2021-21510
PUBLISHED: 2021-03-08

Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary â€&tilde;Hostâ€™ header values to poison a web-cache or trigger redirections.

CVE-2020-27575
PUBLISHED: 2021-03-08

Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. The web administration contains functionality in which administrators are able to manage users. The edit users form contains a parameter vulnerable to command injection due to insufficient validation.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]