Report: CISA hasn’t reached full operating capacity yet
The Cybersecurity and Infrastructure Security Agency won’t be fully up and running until it implements its third and final phase of organizational changes, according to a new report. While CISA undertook multiple new initiatives in 2018, 57 planned tasks were incomplete as of mid-February 2021, the Government Accountability Office reported. Until CISA’s organizational changes are finished, it will remain “difficult” for the agency to confront national cyber incidents like the SolarWinds hack that compromised at least nine federal agencies, reads GAO’s report.
Hackers Breach 1,000s of Security Cameras, Exposing Tesla, Jails, Hospitals
A group of hackers say they breached a massive trove of security-camera data collected by Silicon Valley startup Verkada Inc., gaining access to live feeds of 150,000 surveillance cameras inside hospitals, companies, police departments, prisons and schools.
Airlines warn of data breach after SITA passenger system hack
Global air transport data giant SITA has confirmed a data breach involving passenger data. The company said in a brief statement on Thursday that it had been the “victim of a cyberattack,” and that certain passenger data stored on its U.S. servers had been breached. The cyberattack was confirmed on February 24, after which the company contacted affected airlines.
Microsoft Reports on GoldMax, GoldFinder, and Sibot; Introduces NOBELIUM
Microsoft is working with partners and customers to expand its knowledge of the threat actor behind the nation-state cyberattacks that compromised the supply chain of SolarWinds and impacted multiple other organizations. Here they share their observations of the threat actor using both backdoor and other malware implants to establish sustained access to affected networks.
New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity
FireEye discovered a new backdoor, which it has named SUNSHUTTLE, that was uploaded by a U.S.-based entity to a public malware repository in August 2020.
First Fully Weaponized Spectre Exploit Discovered Online
According to The Record, a fully weaponized exploit for the Spectre CPU vulnerability was uploaded to the malware-scanning website VirusTotal last month, marking the first time a working exploit capable of doing actual damage has entered the public domain. The exploit was discovered by French security researcher Julien Voisin. It targets Spectre, a major vulnerability that was disclosed in January 2018.
Intel to add Ransomware Detection to Chips
Intel is adding hardware-based ransomware detection to its 11th generation Core vPro processors, it announced at the CES Show this week. Intel says that “hardened PCs enable best practices for ransomware defense,” and is expecting this change to be a game changer in defending against ransomware.
Metasploit Creator HD Moore’s Latest Hack: IT Assets
HD Moore, famed developer of the wildly popular Metasploit penetration testing tool, is looking to launch a new project: Moore’s IT asset discovery tool. The goal? To solve one of the most basic yet confounding problems organizations face: getting a true inventory of all of the devices and services running in their increasingly diverse and growing networks.