CISA

CISA: Use Signal or other secure communications app

Android, CISA, Don't miss, Hot stuff, iPhone, MFA, News, password manager, secure communications, Signal, telecommunications, USA /

CISA: Use Signal or other secure communications app 2024-12-20 at 14:57 By Zeljka Zorz In the wake of the widespread compromise of US telecom giants’ networks by Chinese hackers and the FBI advising Americans to use end-to-end encrypted communications, CISA is advising “highly targeted individuals” – senior government officials and politicians – to lock down […]

React to this headline:

Loading spinner

CISA: Use Signal or other secure communications app Read More »

CISA Recommends Encrypted Messaging Apps as Telecom Security Questioned 

CISA, FIDO, Telecom networks, telecommunications /

CISA Recommends Encrypted Messaging Apps as Telecom Security Questioned  2024-12-20 at 08:34 By Ashish Khaitan The security of U.S. telecom networks has come under fresh scrutiny in recent months, with the latest example coming this week when the Cybersecurity and Infrastructure Security Agency (CISA) recommended that individuals in need of high security use encrypted messaging

React to this headline:

Loading spinner

CISA Recommends Encrypted Messaging Apps as Telecom Security Questioned  Read More »

CISA orders federal agencies to secure their Microsoft cloud environments

CISA, cloud security, Don't miss, Government, Hot stuff, Microsoft 365, News, Sectigo /

CISA orders federal agencies to secure their Microsoft cloud environments 2024-12-19 at 15:04 By Zeljka Zorz The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a binding operational directive (BOD 25-01) requiring federal civilian agencies to secure their (Microsoft) cloud environments. About the CISA BOD 25-01 directive The Implementing Secure Practices for Cloud Services

React to this headline:

Loading spinner

CISA orders federal agencies to secure their Microsoft cloud environments Read More »

CISA Adds CVE-2024-49138 to the Known Exploited Vulnerabilities Catalog, Urgency for Microsoft Users

CISA, CVE-2024-49138, vulnerability /

CISA Adds CVE-2024-49138 to the Known Exploited Vulnerabilities Catalog, Urgency for Microsoft Users 2024-12-11 at 15:03 By daksh sharma Overview The Cybersecurity and Infrastructure Security Agency (CISA) added a critical vulnerability, CVE-2024-49138, to its Known Exploited Vulnerabilities (KEV) catalog based on evidence that this flaw is being actively exploited. The vulnerability, identified in the Microsoft

React to this headline:

Loading spinner

CISA Adds CVE-2024-49138 to the Known Exploited Vulnerabilities Catalog, Urgency for Microsoft Users Read More »

How to choose secure, verifiable technologies?

ACSC, CISA, Don't miss, enterprise, guidelines, hardware, IoT, MSP, NCSC, News, procurement, risk assessment, SaaS, software /

How to choose secure, verifiable technologies? 2024-12-06 at 12:16 By Zeljka Zorz The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has published a guidance document titled Choosing Secure and Verifiable Technologies, compiled to assist organizations in making informed decisions when procuring software (proprietary or open source), hardware (e.g., IoT devices), and cloud services

React to this headline:

Loading spinner

How to choose secure, verifiable technologies? Read More »

Vulnerabilities in ICS: A Detailed Analysis of Recent Security Advisories and Threats 

CISA, CVE-2021-22763, ICS products, ICS sector, ICS Vulnerabilities, vulnerability /

Vulnerabilities in ICS: A Detailed Analysis of Recent Security Advisories and Threats  2024-12-04 at 16:31 By Cyble Overview  The recent Weekly Industrial Control System Vulnerability Intelligence Report from Cyble Research & Intelligence Labs (CRIL) covers the vulnerabilities disclosed by the Cybersecurity and Infrastructure Security Agency (CISA) from November 26, 2024, to December 02, 2024.   The

React to this headline:

Loading spinner

Vulnerabilities in ICS: A Detailed Analysis of Recent Security Advisories and Threats  Read More »

Australia’s ACSC and ASD Team Up with CISA, NSA, FBI, and International Allies to Protect Communications Infrastructure

ACSC, ASD, CISA, FBI, hardening guidance, NSA, secure by design, vulnerability /

Australia’s ACSC and ASD Team Up with CISA, NSA, FBI, and International Allies to Protect Communications Infrastructure 2024-12-04 at 16:18 By Cyble Overview  A coalition of cybersecurity agencies, including the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), Australia’s Australian Signals Directorate (ASD), the Australian Cyber

React to this headline:

Loading spinner

Australia’s ACSC and ASD Team Up with CISA, NSA, FBI, and International Allies to Protect Communications Infrastructure Read More »

CISA Releases New List of Known Exploited Vulnerabilities, Urges Immediate Actions 

CISA, CVE-2024-11680, CVE-2024-23113, CVE-2024-47575, exploit, KEV, Known Exploited Vulnerabilities, vulnerability /

CISA Releases New List of Known Exploited Vulnerabilities, Urges Immediate Actions  2024-12-02 at 14:15 By Cyble Overview  The Cybersecurity and Infrastructure Security Agency (CISA) has once again emphasized the critical importance of addressing IT vulnerabilities. This week, Cyble has reported multiple vulnerabilities across IT devices based on the findings published in the Known Exploited Vulnerabilities

React to this headline:

Loading spinner

CISA Releases New List of Known Exploited Vulnerabilities, Urges Immediate Actions  Read More »

CISA Enhances Secure by Design Strategy with AI Red Teaming for Critical Infrastructure Protection

CISA, cyber news /

CISA Enhances Secure by Design Strategy with AI Red Teaming for Critical Infrastructure Protection 2024-11-27 at 14:34 By daksh sharma Overview CISA has announced new additions to its Secure by Design initiative with the introduction of advanced fields in artificial intelligence (AI). This plan ensures the safety, security, and reliability of AI systems, especially as

React to this headline:

Loading spinner

CISA Enhances Secure by Design Strategy with AI Red Teaming for Critical Infrastructure Protection Read More »

CISA Releases Seven Critical ICS Advisories to Address Vulnerabilities in Industrial Control Systems

CISA, Vulnerabilities, vulnerability /

CISA Releases Seven Critical ICS Advisories to Address Vulnerabilities in Industrial Control Systems 2024-11-26 at 13:03 By daksh sharma Overview The Cybersecurity and Infrastructure Security Agency (CISA) published seven detailed security advisories to address critical vulnerabilities in various Industrial Control Systems (ICS). These advisories cover a range of products, from web-based control servers to automated

React to this headline:

Loading spinner

CISA Releases Seven Critical ICS Advisories to Address Vulnerabilities in Industrial Control Systems Read More »

CISA Adds Three Critical Vulnerabilities to the Known Exploited Vulnerabilities Catalog

CISA, vulnerability /

CISA Adds Three Critical Vulnerabilities to the Known Exploited Vulnerabilities Catalog 2024-11-19 at 11:01 By daksh sharma Overview The Cybersecurity and Infrastructure Security Agency (CISA) has recently added three significant vulnerabilities to its Known Exploited Vulnerabilities Catalog (KEV), based on evidence of active exploitation. These vulnerabilities, identified in popular networking and security products, represent a

React to this headline:

Loading spinner

CISA Adds Three Critical Vulnerabilities to the Known Exploited Vulnerabilities Catalog Read More »

CISA Adds Two Critical Palo Alto Networks Vulnerabilities to Known Exploited Catalog

CISA, CVE-2024-9463, CVE-2024-9465, OS Command Injection, vulnerability /

CISA Adds Two Critical Palo Alto Networks Vulnerabilities to Known Exploited Catalog 2024-11-18 at 09:33 By daksh sharma Overview The Cybersecurity and Infrastructure Security Agency (CISA) has officially added two high-severity vulnerabilities affecting Palo Alto Networks Expedition to its Known Exploited Vulnerability (KEV) Catalog. The two Palo Alto Networks vulnerabilities, which are actively being targeted

React to this headline:

Loading spinner

CISA Adds Two Critical Palo Alto Networks Vulnerabilities to Known Exploited Catalog Read More »

ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps

CISA, Don't miss, GitHub, Hot stuff, News, open source /

ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps 2024-11-18 at 06:32 By Mirko Zorz ScubaGear is an open-source tool the Cybersecurity and Infrastructure Security Agency (CISA) created to automatically evaluate Microsoft 365 (M365) configurations for potential security gaps. ScubaGear analyzes an organization’s M365 tenant configuration, offering actionable insights and recommendations to help

React to this headline:

Loading spinner

ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps Read More »

Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465)

Censys, CISA, configuration management, Don't miss, enterprise, firewall, Horizon3.ai, Hot stuff, News, Palo Alto Networks /

Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) 2024-11-15 at 13:16 By Zeljka Zorz Attackers have been spotted exploiting two additional vulnerabilities (CVE-2024-9463, CVE-2024-9465) in Palo Alto Networks’ Expedition firewall configuration migration tool, CISA has confirmed on Thursday. About the vulnerabilities (CVE-2024-9463, CVE-2024-9465) CVE-2024-9463 allows unauthenticated attackers to run arbitrary OS commands as root

React to this headline:

Loading spinner

Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) Read More »

FBI confirms China-linked cyber espionage involving breached telecom providers

APT, China, CISA, cyber espionage, data breach, Don't miss, FBI, Hot stuff, News, telecommunications, USA /

FBI confirms China-linked cyber espionage involving breached telecom providers 2024-11-14 at 14:16 By Zeljka Zorz After months of news reports that Chinese threat actors have breached the networks of US telecommunications and internet service providers, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have confirmed the success of the attacks, which were part

React to this headline:

Loading spinner

FBI confirms China-linked cyber espionage involving breached telecom providers Read More »

Zero-days dominate top frequently exploited vulnerabilities

0-day, CISA, Don't miss, FBI, Hot stuff, NCSC, News, NSA, report, Tenable, vulnerability /

Zero-days dominate top frequently exploited vulnerabilities 2024-11-14 at 07:03 By Mirko Zorz A joint report by leading cybersecurity agencies from the U.S., UK, Canada, Australia, and New Zealand has identified the most commonly exploited vulnerabilities of 2023. Zero-day vulnerabilities on the rise The advisory highlights that malicious cyber actors increasingly targeted zero-day vulnerabilities, posing significant

React to this headline:

Loading spinner

Zero-days dominate top frequently exploited vulnerabilities Read More »

CISA Warns of Critical Vulnerabilities in Rockwell Automation’s FactoryTalk ThinManager

CISA, FactoryTalk ThinManager, Rockwell Automation, vulnerability /

CISA Warns of Critical Vulnerabilities in Rockwell Automation’s FactoryTalk ThinManager 2024-11-04 at 12:33 By daksh sharma Overview The Cybersecurity and Infrastructure Security Agency (CISA) has alerted about new vulnerabilities in Rockwell Automation FactoryTalk ThinManager. The alert, designated ICSA-24-305-01, outlines serious security risks that could affect users of the software. With a CVSS v4 score of

React to this headline:

Loading spinner

CISA Warns of Critical Vulnerabilities in Rockwell Automation’s FactoryTalk ThinManager Read More »

U.S. Agencies Investigate China-Linked Telecom Hacks Targeting High-Profile Politicians

Chinese hacking, Chinese state-linked threat actors, Chinese-linked hacks, CISA, cyber news /

U.S. Agencies Investigate China-Linked Telecom Hacks Targeting High-Profile Politicians 2024-10-28 at 18:19 By daksh sharma The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have launched an investigation into a series of cyber intrusions linked to hackers believed to be affiliated with the Chinese state-linked threat actors.  This investigation follows reports that the phone

React to this headline:

Loading spinner

U.S. Agencies Investigate China-Linked Telecom Hacks Targeting High-Profile Politicians Read More »

Exploited: Cisco, SharePoint, Chrome vulnerabilities

brute-force, Chrome, CISA, Cisco, Don't miss, enterprise, exploit, Hot stuff, Kaspersky, News, PoC, SharePoint, vulnerability /

Exploited: Cisco, SharePoint, Chrome vulnerabilities 2024-10-25 at 13:33 By Zeljka Zorz Threat actors have been leveraging zero and n-day vulnerabilities in Cisco security appliances (CVE-2024-20481), Microsoft Sharepoint (CVE-2024-38094), and Google’s Chrome browser (CVE-2024-4947). CVE-2024-20481 (Cisco ASA/FTD) In the past few days, Cisco has released fixes for a slew of vulnerabilities affecting the software powering its

React to this headline:

Loading spinner

Exploited: Cisco, SharePoint, Chrome vulnerabilities Read More »

CISA Issues Urgent Advisory on Vulnerabilities Affecting Multiple Products

CISA, CVE-2024-28987, vulnerability /

CISA Issues Urgent Advisory on Vulnerabilities Affecting Multiple Products 2024-10-16 at 14:14 By daksh sharma Overview The Cybersecurity and Infrastructure Security Agency (CISA) has released a critical advisory report highlighting vulnerabilities recently added to the Known Exploited Vulnerability (KEV) catalog. These vulnerabilities pose risks to organizations and require immediate attention. CISA categorizes vulnerabilities based on

React to this headline:

Loading spinner

CISA Issues Urgent Advisory on Vulnerabilities Affecting Multiple Products Read More »

Scroll to Top