CISA

Zero-days dominate top frequently exploited vulnerabilities

0-day, CISA, Don't miss, FBI, Hot stuff, NCSC, News, NSA, report, Tenable, vulnerability /

Zero-days dominate top frequently exploited vulnerabilities 2024-11-14 at 07:03 By Mirko Zorz A joint report by leading cybersecurity agencies from the U.S., UK, Canada, Australia, and New Zealand has identified the most commonly exploited vulnerabilities of 2023. Zero-day vulnerabilities on the rise The advisory highlights that malicious cyber actors increasingly targeted zero-day vulnerabilities, posing significant […]

React to this headline:

Loading spinner

Zero-days dominate top frequently exploited vulnerabilities Read More »

CISA Warns of Critical Vulnerabilities in Rockwell Automation’s FactoryTalk ThinManager

CISA, FactoryTalk ThinManager, Rockwell Automation, vulnerability /

CISA Warns of Critical Vulnerabilities in Rockwell Automation’s FactoryTalk ThinManager 2024-11-04 at 12:33 By daksh sharma Overview The Cybersecurity and Infrastructure Security Agency (CISA) has alerted about new vulnerabilities in Rockwell Automation FactoryTalk ThinManager. The alert, designated ICSA-24-305-01, outlines serious security risks that could affect users of the software. With a CVSS v4 score of

React to this headline:

Loading spinner

CISA Warns of Critical Vulnerabilities in Rockwell Automation’s FactoryTalk ThinManager Read More »

U.S. Agencies Investigate China-Linked Telecom Hacks Targeting High-Profile Politicians

Chinese hacking, Chinese state-linked threat actors, Chinese-linked hacks, CISA, cyber news /

U.S. Agencies Investigate China-Linked Telecom Hacks Targeting High-Profile Politicians 2024-10-28 at 18:19 By daksh sharma The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have launched an investigation into a series of cyber intrusions linked to hackers believed to be affiliated with the Chinese state-linked threat actors.  This investigation follows reports that the phone

React to this headline:

Loading spinner

U.S. Agencies Investigate China-Linked Telecom Hacks Targeting High-Profile Politicians Read More »

Exploited: Cisco, SharePoint, Chrome vulnerabilities

brute-force, Chrome, CISA, Cisco, Don't miss, enterprise, exploit, Hot stuff, Kaspersky, News, PoC, SharePoint, vulnerability /

Exploited: Cisco, SharePoint, Chrome vulnerabilities 2024-10-25 at 13:33 By Zeljka Zorz Threat actors have been leveraging zero and n-day vulnerabilities in Cisco security appliances (CVE-2024-20481), Microsoft Sharepoint (CVE-2024-38094), and Google’s Chrome browser (CVE-2024-4947). CVE-2024-20481 (Cisco ASA/FTD) In the past few days, Cisco has released fixes for a slew of vulnerabilities affecting the software powering its

React to this headline:

Loading spinner

Exploited: Cisco, SharePoint, Chrome vulnerabilities Read More »

CISA Issues Urgent Advisory on Vulnerabilities Affecting Multiple Products

CISA, CVE-2024-28987, vulnerability /

CISA Issues Urgent Advisory on Vulnerabilities Affecting Multiple Products 2024-10-16 at 14:14 By daksh sharma Overview The Cybersecurity and Infrastructure Security Agency (CISA) has released a critical advisory report highlighting vulnerabilities recently added to the Known Exploited Vulnerability (KEV) catalog. These vulnerabilities pose risks to organizations and require immediate attention. CISA categorizes vulnerabilities based on

React to this headline:

Loading spinner

CISA Issues Urgent Advisory on Vulnerabilities Affecting Multiple Products Read More »

Four Critical Vulnerabilities Added to CISA’s Exploited Vulnerabilities Catalog

CISA, vulnerability /

Four Critical Vulnerabilities Added to CISA’s Exploited Vulnerabilities Catalog 2024-10-04 at 16:18 By dakshsharma16 Overview The Cybersecurity and Infrastructure Security Agency (CISA) has recently added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, signaling ongoing active exploitation. These vulnerabilities present significant risks for organizations that rely on the affected technologies. CISA’s update highlights several

React to this headline:

Loading spinner

Four Critical Vulnerabilities Added to CISA’s Exploited Vulnerabilities Catalog Read More »

Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824)

CISA, Don't miss, endpoint management, enterprise, Hot stuff, Ivanti, News, vulnerability /

Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824) 2024-10-03 at 18:31 By Zeljka Zorz CVE-2024-29824, an unauthenticated SQL Injection vulnerability in Ivanti Endpoint Manager (EPM) appliances, is being exploited by attackers, the Cybersecurity and Infrastructure Security Agency has confirmed by adding the bug to its Known Exploited Vulnerabilities catalog. Ivanti did the same by updating the

React to this headline:

Loading spinner

Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824) Read More »

US, Allies Release Guidance on Securing OT Environments

CISA, Government, guidance, ICS, ICS/OT /

US, Allies Release Guidance on Securing OT Environments 2024-10-02 at 17:01 By Ionut Arghire New guidance provides information on how to create and maintain a secure operational technology (OT) environment. The post US, Allies Release Guidance on Securing OT Environments appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original

React to this headline:

Loading spinner

US, Allies Release Guidance on Securing OT Environments Read More »

CISA, FBI Urge Organizations to Eliminate XSS Vulnerabilities

CISA, Government, secure by design, Vulnerabilities, XSS /

CISA, FBI Urge Organizations to Eliminate XSS Vulnerabilities 2024-09-18 at 15:31 By Ionut Arghire CISA and the FBI have released an alert on XSS vulnerabilities, urging organizations to adopt a secure by design approach and eliminate them. The post CISA, FBI Urge Organizations to Eliminate XSS Vulnerabilities appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

CISA, FBI Urge Organizations to Eliminate XSS Vulnerabilities Read More »

CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766)

Arctic Wolf Networks, CISA, Don't miss, firewall, Hot stuff, News, Ransomware, Rapid7, SonicWall, vulnerability /

CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766) 2024-09-10 at 15:31 By Zeljka Zorz The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-40766 – a recently fixed improper access control vulnerability affecting SonicWall’s firewalls – to its Known Exploited Vulnerabilities catalog, thus confirming it is being actively exploited by attackers. Though the

React to this headline:

Loading spinner

CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766) Read More »

Exposed: Russian military Unit 29155 does digital sabotage, espionage

CISA, cyber espionage, cyber sabotage, cyber war, cybercriminals, disruption, Don't miss, hacker, Hot stuff, Justice Department, NATO, News, Russian Federation, Ukraine, USA /

Exposed: Russian military Unit 29155 does digital sabotage, espionage 2024-09-06 at 17:01 By Zeljka Zorz The US Department of Justice has named five Russian computer hackers as members of Unit 29155 – i.e., the 161st Specialist Training Center of the Russian General Staff Main Intelligence Directorate (GRU) – which they deem resposible for the 2022

React to this headline:

Loading spinner

Exposed: Russian military Unit 29155 does digital sabotage, espionage Read More »

Halliburton Confirms Data Stolen in Cyberattack

CISA, data breach, Halliburton, RansomHub, Ransomware /

Halliburton Confirms Data Stolen in Cyberattack 2024-09-03 at 23:16 By Ryan Naraine The US oil giant updated an SEC filing to confirm malicious hackers “accessed and exfiltrated information” from its corporate systems. The post Halliburton Confirms Data Stolen in Cyberattack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original

React to this headline:

Loading spinner

Halliburton Confirms Data Stolen in Cyberattack Read More »

How RansomHub went from zero to 210 victims in six months

CISA, Don't miss, FBI, Hot stuff, News, Ransomware /

How RansomHub went from zero to 210 victims in six months 2024-08-30 at 15:16 By Zeljka Zorz RansomHub, a ransomware-as-a-service (RaaS) outfit that “popped up” earlier this year, has already amassed at least 210 victims (that we know of). Its affiliates have hit government services, IT and communication companies, healthcare institutions, financial organizations, emergency services,

React to this headline:

Loading spinner

How RansomHub went from zero to 210 victims in six months Read More »

US Sees Iranian Hackers Working Closely With Ransomware Groups

CISA, Iran, Ransomware /

US Sees Iranian Hackers Working Closely With Ransomware Groups 2024-08-29 at 11:46 By Ionut Arghire Iranian state-sponsored APT Lemon Sandstorm is working closely with ransomware groups on monetizing network intrusions. The post US Sees Iranian Hackers Working Closely With Ransomware Groups appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

US Sees Iranian Hackers Working Closely With Ransomware Groups Read More »

Pioneer Kitten: Iranian hackers partnering with ransomware affiliates

CISA, cyber espionage, Don't miss, FBI, Iran, News, Ransomware /

Pioneer Kitten: Iranian hackers partnering with ransomware affiliates 2024-08-28 at 19:46 By Zeljka Zorz A group of Iranian hackers – dubbed Pioneer Kitten by cybersecurity researchers – is straddling the line between state-contracted cyber espionage group and initial access provider (and partner in crime) for affiliates of several ransomware groups. “The FBI assesses these actors

React to this headline:

Loading spinner

Pioneer Kitten: Iranian hackers partnering with ransomware affiliates Read More »

US, Allies Release Guidance on Event Logging and Threat Detection

CISA, Government, guidance, logs /

US, Allies Release Guidance on Event Logging and Threat Detection 2024-08-23 at 15:01 By Ionut Arghire Government agencies in the US and allied countries have released guidance on how organizations can define a baseline for event logging best practices. The post US, Allies Release Guidance on Event Logging and Threat Detection appeared first on SecurityWeek.

React to this headline:

Loading spinner

US, Allies Release Guidance on Event Logging and Threat Detection Read More »

CISA to Get New $524 Million Headquarters in DC, Backed by Inflation Reduction Act Funding

CISA, Government /

CISA to Get New $524 Million Headquarters in DC, Backed by Inflation Reduction Act Funding 2024-08-20 at 14:16 By Eduard Kovacs Clark Construction has been tasked with building the 630,000 square foot sustainable state-of-the-art facility for CISA. The post CISA to Get New $524 Million Headquarters in DC, Backed by Inflation Reduction Act Funding appeared

React to this headline:

Loading spinner

CISA to Get New $524 Million Headquarters in DC, Backed by Inflation Reduction Act Funding Read More »

Warnings Issued Over Cisco Device Hacking, Unpatched Vulnerabilities

CISA, Cisco, exploited, Vulnerabilities /

Warnings Issued Over Cisco Device Hacking, Unpatched Vulnerabilities 2024-08-09 at 15:01 By Eduard Kovacs CISA is warning organizations about abuse of Cisco Smart Install feature, as Cisco is notifying customers about critical phone vulnerabilities it’s not patching. The post Warnings Issued Over Cisco Device Hacking, Unpatched Vulnerabilities appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

Warnings Issued Over Cisco Device Hacking, Unpatched Vulnerabilities Read More »

Google Cloud CISO Phil Venables: ‘I’m short-term pessimistic, long-term optimistic’

CISA, CISO Strategy, cloud security, CSRB, Google Cloud, Government, Regulations /

Google Cloud CISO Phil Venables: ‘I’m short-term pessimistic, long-term optimistic’ 2024-07-30 at 18:48 By Ryan Naraine SecurityWeek fireside chat: Google Cloud CISO on CISA’s secure-by-design initiatives, government regulations, holding vendors accountable, and transformational security leadership. The post Google Cloud CISO Phil Venables: ‘I’m short-term pessimistic, long-term optimistic’ appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

Google Cloud CISO Phil Venables: ‘I’m short-term pessimistic, long-term optimistic’ Read More »

Progress Patches Critical Telerik Report Server Vulnerability

CISA, CVE-2024-6327, ICS/OT, Progress Software, Telerik Report Server, Vulnerabilities /

Progress Patches Critical Telerik Report Server Vulnerability 2024-07-26 at 17:46 By Ionut Arghire Progress Software calls attention to a critical remote code execution flaw in the Telerik Report Server product. The post Progress Patches Critical Telerik Report Server Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

React to this headline:

Loading spinner

Progress Patches Critical Telerik Report Server Vulnerability Read More »

Scroll to Top