CISA Enhances Secure by Design Strategy with AI Red Teaming for Critical Infrastructure Protection 2024-11-27 at 14:34 By daksh sharma Overview CISA has announced new additions to its Secure by Design initiative with the introduction of advanced fields in artificial intelligence (AI). This plan ensures the safety, security, and reliability of AI systems, especially as […]
React to this headline:
CISA Releases Seven Critical ICS Advisories to Address Vulnerabilities in Industrial Control Systems 2024-11-26 at 13:03 By daksh sharma Overview The Cybersecurity and Infrastructure Security Agency (CISA) published seven detailed security advisories to address critical vulnerabilities in various Industrial Control Systems (ICS). These advisories cover a range of products, from web-based control servers to automated
React to this headline:
CISA Adds Three Critical Vulnerabilities to the Known Exploited Vulnerabilities Catalog 2024-11-19 at 11:01 By daksh sharma Overview The Cybersecurity and Infrastructure Security Agency (CISA) has recently added three significant vulnerabilities to its Known Exploited Vulnerabilities Catalog (KEV), based on evidence of active exploitation. These vulnerabilities, identified in popular networking and security products, represent a
React to this headline:
CISA Adds Three Critical Vulnerabilities to the Known Exploited Vulnerabilities Catalog Read More »
CISA Adds Two Critical Palo Alto Networks Vulnerabilities to Known Exploited Catalog 2024-11-18 at 09:33 By daksh sharma Overview The Cybersecurity and Infrastructure Security Agency (CISA) has officially added two high-severity vulnerabilities affecting Palo Alto Networks Expedition to its Known Exploited Vulnerability (KEV) Catalog. The two Palo Alto Networks vulnerabilities, which are actively being targeted
React to this headline:
CISA Adds Two Critical Palo Alto Networks Vulnerabilities to Known Exploited Catalog Read More »
ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps 2024-11-18 at 06:32 By Mirko Zorz ScubaGear is an open-source tool the Cybersecurity and Infrastructure Security Agency (CISA) created to automatically evaluate Microsoft 365 (M365) configurations for potential security gaps. ScubaGear analyzes an organization’s M365 tenant configuration, offering actionable insights and recommendations to help
React to this headline:
ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps Read More »
Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) 2024-11-15 at 13:16 By Zeljka Zorz Attackers have been spotted exploiting two additional vulnerabilities (CVE-2024-9463, CVE-2024-9465) in Palo Alto Networks’ Expedition firewall configuration migration tool, CISA has confirmed on Thursday. About the vulnerabilities (CVE-2024-9463, CVE-2024-9465) CVE-2024-9463 allows unauthenticated attackers to run arbitrary OS commands as root
React to this headline:
Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) Read More »
FBI confirms China-linked cyber espionage involving breached telecom providers 2024-11-14 at 14:16 By Zeljka Zorz After months of news reports that Chinese threat actors have breached the networks of US telecommunications and internet service providers, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have confirmed the success of the attacks, which were part
React to this headline:
FBI confirms China-linked cyber espionage involving breached telecom providers Read More »
Zero-days dominate top frequently exploited vulnerabilities 2024-11-14 at 07:03 By Mirko Zorz A joint report by leading cybersecurity agencies from the U.S., UK, Canada, Australia, and New Zealand has identified the most commonly exploited vulnerabilities of 2023. Zero-day vulnerabilities on the rise The advisory highlights that malicious cyber actors increasingly targeted zero-day vulnerabilities, posing significant
React to this headline:
Zero-days dominate top frequently exploited vulnerabilities Read More »
CISA Warns of Critical Vulnerabilities in Rockwell Automation’s FactoryTalk ThinManager 2024-11-04 at 12:33 By daksh sharma Overview The Cybersecurity and Infrastructure Security Agency (CISA) has alerted about new vulnerabilities in Rockwell Automation FactoryTalk ThinManager. The alert, designated ICSA-24-305-01, outlines serious security risks that could affect users of the software. With a CVSS v4 score of
React to this headline:
CISA Warns of Critical Vulnerabilities in Rockwell Automation’s FactoryTalk ThinManager Read More »
U.S. Agencies Investigate China-Linked Telecom Hacks Targeting High-Profile Politicians 2024-10-28 at 18:19 By daksh sharma The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have launched an investigation into a series of cyber intrusions linked to hackers believed to be affiliated with the Chinese state-linked threat actors. This investigation follows reports that the phone
React to this headline:
U.S. Agencies Investigate China-Linked Telecom Hacks Targeting High-Profile Politicians Read More »
Exploited: Cisco, SharePoint, Chrome vulnerabilities 2024-10-25 at 13:33 By Zeljka Zorz Threat actors have been leveraging zero and n-day vulnerabilities in Cisco security appliances (CVE-2024-20481), Microsoft Sharepoint (CVE-2024-38094), and Google’s Chrome browser (CVE-2024-4947). CVE-2024-20481 (Cisco ASA/FTD) In the past few days, Cisco has released fixes for a slew of vulnerabilities affecting the software powering its
React to this headline:
Exploited: Cisco, SharePoint, Chrome vulnerabilities Read More »
CISA Issues Urgent Advisory on Vulnerabilities Affecting Multiple Products 2024-10-16 at 14:14 By daksh sharma Overview The Cybersecurity and Infrastructure Security Agency (CISA) has released a critical advisory report highlighting vulnerabilities recently added to the Known Exploited Vulnerability (KEV) catalog. These vulnerabilities pose risks to organizations and require immediate attention. CISA categorizes vulnerabilities based on
React to this headline:
CISA Issues Urgent Advisory on Vulnerabilities Affecting Multiple Products Read More »
Four Critical Vulnerabilities Added to CISA’s Exploited Vulnerabilities Catalog 2024-10-04 at 16:18 By dakshsharma16 Overview The Cybersecurity and Infrastructure Security Agency (CISA) has recently added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, signaling ongoing active exploitation. These vulnerabilities present significant risks for organizations that rely on the affected technologies. CISA’s update highlights several
React to this headline:
Four Critical Vulnerabilities Added to CISA’s Exploited Vulnerabilities Catalog Read More »
Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824) 2024-10-03 at 18:31 By Zeljka Zorz CVE-2024-29824, an unauthenticated SQL Injection vulnerability in Ivanti Endpoint Manager (EPM) appliances, is being exploited by attackers, the Cybersecurity and Infrastructure Security Agency has confirmed by adding the bug to its Known Exploited Vulnerabilities catalog. Ivanti did the same by updating the
React to this headline:
Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824) Read More »
US, Allies Release Guidance on Securing OT Environments 2024-10-02 at 17:01 By Ionut Arghire New guidance provides information on how to create and maintain a secure operational technology (OT) environment. The post US, Allies Release Guidance on Securing OT Environments appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original
React to this headline:
US, Allies Release Guidance on Securing OT Environments Read More »
CISA, FBI Urge Organizations to Eliminate XSS Vulnerabilities 2024-09-18 at 15:31 By Ionut Arghire CISA and the FBI have released an alert on XSS vulnerabilities, urging organizations to adopt a secure by design approach and eliminate them. The post CISA, FBI Urge Organizations to Eliminate XSS Vulnerabilities appeared first on SecurityWeek. This article is an
React to this headline:
CISA, FBI Urge Organizations to Eliminate XSS Vulnerabilities Read More »
CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766) 2024-09-10 at 15:31 By Zeljka Zorz The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-40766 – a recently fixed improper access control vulnerability affecting SonicWall’s firewalls – to its Known Exploited Vulnerabilities catalog, thus confirming it is being actively exploited by attackers. Though the
React to this headline:
CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766) Read More »
Exposed: Russian military Unit 29155 does digital sabotage, espionage 2024-09-06 at 17:01 By Zeljka Zorz The US Department of Justice has named five Russian computer hackers as members of Unit 29155 – i.e., the 161st Specialist Training Center of the Russian General Staff Main Intelligence Directorate (GRU) – which they deem resposible for the 2022
React to this headline:
Exposed: Russian military Unit 29155 does digital sabotage, espionage Read More »
Halliburton Confirms Data Stolen in Cyberattack 2024-09-03 at 23:16 By Ryan Naraine The US oil giant updated an SEC filing to confirm malicious hackers “accessed and exfiltrated information” from its corporate systems. The post Halliburton Confirms Data Stolen in Cyberattack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original
React to this headline:
Halliburton Confirms Data Stolen in Cyberattack Read More »
How RansomHub went from zero to 210 victims in six months 2024-08-30 at 15:16 By Zeljka Zorz RansomHub, a ransomware-as-a-service (RaaS) outfit that “popped up” earlier this year, has already amassed at least 210 victims (that we know of). Its affiliates have hit government services, IT and communication companies, healthcare institutions, financial organizations, emergency services,
React to this headline:
How RansomHub went from zero to 210 victims in six months Read More »