CISA

New open-source project takeover attacks spotted, stymied

backdoor, CISA, Don't miss, Endor Labs, Hot stuff, News, O'Reilly, open source, OpenJS Foundation, OpenSSF, social engineering, supply chain attacks, tips /

New open-source project takeover attacks spotted, stymied 2024-04-16 at 16:16 By Zeljka Zorz The OpenJS Foundation has headed off a “credible takeover attempt” similar to the one that resulted in a backdoor getting included in the open-source XZ Utils package by someone who called themselves “Jia Tan”. This malicious maintainer achieved that coveted position after […]

React to this headline:

Loading spinner

New open-source project takeover attacks spotted, stymied Read More »

US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft

CISA, Data Breaches, Featured, Incident Response, Microsoft, Midnight Blizzard, Nation-State, Nobelium, Russia /

US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft 2024-04-11 at 23:46 By Ryan Naraine The US government says Midnight Blizzard’s compromise of Microsoft corporate email accounts “presents a grave and unacceptable risk to federal agencies.” The post US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft

React to this headline:

Loading spinner

US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft Read More »

Sisense Data Breach Triggers CISA Alert and Urgent Calls for Credential Resets

CISA, data breach, Data Breaches, Government, Sisence, supply chain /

Sisense Data Breach Triggers CISA Alert and Urgent Calls for Credential Resets 2024-04-11 at 19:46 By Ryan Naraine The US government issues a red-alert for what appears to be a massive supply chain breach at Sisense, a company that sells big-data analytics tools. The post Sisense Data Breach Triggers CISA Alert and Urgent Calls for

React to this headline:

Loading spinner

Sisense Data Breach Triggers CISA Alert and Urgent Calls for Credential Resets Read More »

CISA warns about Sisense data breach

CISA, credentials, data breach, Don't miss, Hot stuff, News, Sisense /

CISA warns about Sisense data breach 2024-04-11 at 17:31 By Zeljka Zorz Business intelligence / data analytics software vendor Sisense has apparently suffered a data breach that spurred the company and the US Cybersecurity and Infrastructure Security Agency to push the company’s customers to “reset credentials and secrets potentially exposed to, or used to access,

React to this headline:

Loading spinner

CISA warns about Sisense data breach Read More »

CISA Releases Malware Next-Gen Analysis System for Public Use

CISA, Government, Malware & Threats, Malware Next-Gen /

CISA Releases Malware Next-Gen Analysis System for Public Use 2024-04-10 at 23:17 By Ryan Naraine CISA’s Malware Next-Gen system is now available for any organization to submit malware samples and other suspicious artifacts for analysis. The post CISA Releases Malware Next-Gen Analysis System for Public Use appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

CISA Releases Malware Next-Gen Analysis System for Public Use Read More »

Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988)

CISA, CVE, Don't miss, Hot stuff, Microsoft, News, Patch Tuesday, security update, SonicWall, Tenable, Trend Micro, vulnerability, vulnerability management /

Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988) 2024-04-09 at 22:35 By Zeljka Zorz On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn’t marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro’s Zero Day Initiative (ZDI), has found being

React to this headline:

Loading spinner

Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988) Read More »

A “cascade” of errors let Chinese hackers into US government inboxes

APT, CISA, cloud security, CSP, Don't miss, Government, government-backed attacks, Hot stuff, Microsoft, News, UK, USA /

A “cascade” of errors let Chinese hackers into US government inboxes 2024-04-03 at 16:46 By Zeljka Zorz Microsoft still doesn’t known how Storm-0558 attackers managed to steal the Microsoft Services Account cryptographic key they used to forge authentication tokens needed to access email accounts belonging to US government officials. “The stolen 2016 MSA key in

React to this headline:

Loading spinner

A “cascade” of errors let Chinese hackers into US government inboxes Read More »

Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094)

backdoor, CISA, CVE, Debian, Don't miss, Fedora, Hot stuff, Linux, News, open source, Red Hat, SUSE, vulnerability /

Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094) 2024-03-29 at 20:31 By Zeljka Zorz A vulnerability (CVE-2024-3094) in XZ Utils, the XZ format compression utilities included in most Linux distributions, may “enable a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely,” Red Hat warns.

React to this headline:

Loading spinner

Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094) Read More »

Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955)

CISA, Don't miss, enterprise, Government, Hot stuff, News, Synopsys, vulnerability /

Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955) 2024-03-28 at 12:32 By Zeljka Zorz The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-24955 – a code injection vulnerability that allows authenticated attackers to execute code remotely on a vulnerable Microsoft SharePoint Server – to its KEV catalog and is demanding that

React to this headline:

Loading spinner

Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955) Read More »

CISA Moving Forward With Cyber Incident Reporting Rules Impacting 316,000 Entities

CISA, Government, Government Policy /

CISA Moving Forward With Cyber Incident Reporting Rules Impacting 316,000 Entities 2024-03-28 at 12:01 By Eduard Kovacs CISA is seeking comment on the implementation of CIRCIA, which will cost $2.6 billion and will impact 316,000 entities. The post CISA Moving Forward With Cyber Incident Reporting Rules Impacting 316,000 Entities appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

CISA Moving Forward With Cyber Incident Reporting Rules Impacting 316,000 Entities Read More »

US Government Urges Software Makers to Eliminate SQL Injection Vulnerabilities

CISA, SQL injection, Vulnerabilities /

US Government Urges Software Makers to Eliminate SQL Injection Vulnerabilities 2024-03-26 at 13:16 By Ionut Arghire CISA and the FBI issue a secure-by-design alert on eliminating SQL injection vulnerabilities from software. The post US Government Urges Software Makers to Eliminate SQL Injection Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

US Government Urges Software Makers to Eliminate SQL Injection Vulnerabilities Read More »

CISA: Here’s how you can foil DDoS attacks

CISA, DDoS, Don't miss, guide, News /

CISA: Here’s how you can foil DDoS attacks 2024-03-22 at 13:46 By Zeljka Zorz In light of the rise of “DDoS hacktivism” and the recent DDoS attacks aimed at disrupting French and Alabama government websites, the Cybersecurity and Infrastructure Security Agency (CISA) has updated its guidance of how governmental entities (but also other organizations) should

React to this headline:

Loading spinner

CISA: Here’s how you can foil DDoS attacks Read More »

CISA’s OT Attack Response Team Understaffed: GAO

CISA, cyber workforce, Government, ICS, Incident Response /

CISA’s OT Attack Response Team Understaffed: GAO 2024-03-12 at 15:46 By Eduard Kovacs GAO study finds that CISA does not have enough staff to respond to significant OT attacks in multiple locations at the same time. The post CISA’s OT Attack Response Team Understaffed: GAO appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

CISA’s OT Attack Response Team Understaffed: GAO Read More »

10 free cybersecurity guides you might have missed

CISA, CISO, critical infrastructure, cyber resilience, Department of Defense, Don't miss, Government, guide, Hot stuff, how-to, News, phishing, Ransomware, skill development, SMBs, strategy, tips, USA /

10 free cybersecurity guides you might have missed 2024-03-11 at 09:07 By Help Net Security This collection of free cybersecurity guides covers a broad range of topics, from resources for developing cybersecurity programs to specific guides for various sectors and organizations. Whether you work for a small business, a large corporation, or a specific industry,

React to this headline:

Loading spinner

10 free cybersecurity guides you might have missed Read More »

CISA Outlines Efforts to Secure Open Source Software

Application Security, CISA, open source, Security Architecture /

CISA Outlines Efforts to Secure Open Source Software 2024-03-08 at 18:03 By Ionut Arghire Concluding a two-day OSS security summit, CISA details key actions to help improve open source security. The post CISA Outlines Efforts to Secure Open Source Software appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original

React to this headline:

Loading spinner

CISA Outlines Efforts to Secure Open Source Software Read More »

Securing software repositories leads to better OSS security

CISA, Don't miss, framework, GitHub, Hot stuff, Malware, News, open source, OpenSSF, PyPI /

Securing software repositories leads to better OSS security 2024-03-04 at 14:03 By Zeljka Zorz Malicious software packages are found on public software repositories such as GitHub, PyPI and the npm registry seemingly every day. Attackers use a number of tricks to fool developers or systems into downloading them, or they simply compromise the package developer’s

React to this headline:

Loading spinner

Securing software repositories leads to better OSS security Read More »

JCDC’s strategic shift: Prioritizing cyber hardening

APT, Artificial Intelligence, CISA, critical infrastructure, cybersecurity, Don't miss, Features, Government, Hot stuff, NCSC, News, opinion, Ransomware, strategy, Xage Security /

JCDC’s strategic shift: Prioritizing cyber hardening 2024-03-01 at 08:01 By Mirko Zorz In this Help Net Security interview, Geoffrey Mattson, CEO of Xage Security, discusses the evolution of the Joint Cyber Defense Collaborative (JCDC) since its 2021 inception and tackles its 2024 strategic priorities in response to escalating cyber threats. He elaborates on JCDC’s strategies

React to this headline:

Loading spinner

JCDC’s strategic shift: Prioritizing cyber hardening Read More »

ALPHV/BlackCat threatens to leak data stolen in Change Healthcare cyberattack

CISA, cyberattack, Don't miss, FBI, healthcare, Hot stuff, News, Ransomware /

ALPHV/BlackCat threatens to leak data stolen in Change Healthcare cyberattack 2024-02-29 at 14:46 By Helga Labus The ALPHV/BlackCat ransomware group has claimed responsibility for the cyberattack that targeted Optum, a subsidiary of UnitedHealth Group (UHG), causing disruption to the Change Healthcare platform and affecting pharmacy transactions across the US. ALPHV/BlackCat is back Last December, US

React to this headline:

Loading spinner

ALPHV/BlackCat threatens to leak data stolen in Change Healthcare cyberattack Read More »

US Gov Says Software Measurability is ‘Hardest Problem to Solve’

CISA, CVE, Government, memory corruption, Risk Management, White House /

US Gov Says Software Measurability is ‘Hardest Problem to Solve’ 2024-02-27 at 22:31 By Ryan Naraine White House calls for the “timely, complete, and consistent” publication of CVE and CWE data to help solve the security metrics problem. The post US Gov Says Software Measurability is ‘Hardest Problem to Solve’ appeared first on SecurityWeek. This

React to this headline:

Loading spinner

US Gov Says Software Measurability is ‘Hardest Problem to Solve’ Read More »

APT29 revamps its techniques to breach cloud environments

APT, CISA, cloud security, cybercrime, Don't miss, FBI, Hot stuff, NCSC, News, NSA, threat /

APT29 revamps its techniques to breach cloud environments 2024-02-27 at 14:16 By Helga Labus Russian threat actors APT29 are changing their techniques and expanding their targets to access cloud environments, members of the Five Eyes intelligence alliance have warned. About APT29 APT29 (aka Midnight Blizzard, aka Cozy Bear) is a cyber espionage group believed to

React to this headline:

Loading spinner

APT29 revamps its techniques to breach cloud environments Read More »

Scroll to Top