CISA

US, Allies Publish Guidance on Securing Network Access

CISA, guidance, Network Security /

US, Allies Publish Guidance on Securing Network Access 2024-06-19 at 15:50 By Ionut Arghire Government agencies in the US, New Zealand, and Canada have published new guidance on improving network security. The post US, Allies Publish Guidance on Securing Network Access appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View […]

React to this headline:

Loading spinner

US, Allies Publish Guidance on Securing Network Access Read More »

CISA Conducts First AI Cyber Incident Response Exercise

AI, Artificial Intelligence, CISA, Incident Response /

CISA Conducts First AI Cyber Incident Response Exercise 2024-06-17 at 17:16 By Ionut Arghire The US cybersecurity agency CISA has conducted a tabletop exercise with the private sector focused on AI cyber incident response. The post CISA Conducts First AI Cyber Incident Response Exercise appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

CISA Conducts First AI Cyber Incident Response Exercise Read More »

Unpacking CISA’s AI guidelines

Artificial Intelligence, Axonius, CISA, cybersecurity, Don't miss, Government, guidelines, Hot stuff, policy, Video /

Unpacking CISA’s AI guidelines 2024-06-07 at 07:01 By Help Net Security CISA’s late April AI and infrastructure guidelines address 16 sectors along with their cybersecurity needs and operations concerning the growth of AI as a tool to build both federal and vendor cybersecurity infrastructure in the federal marketplace. In this Help Net Security video, Tom

React to this headline:

Loading spinner

Unpacking CISA’s AI guidelines Read More »

Check Point VPN zero-day exploited since beginning of April (CVE-2024-24919)

0-day, Check Point, CISA, CVE, Don't miss, enterprise, Hot stuff, News, Rapid7, WatchTowr /

Check Point VPN zero-day exploited since beginning of April (CVE-2024-24919) 2024-05-31 at 14:32 By Zeljka Zorz Attackers have been exploiting CVE-2024-24919, a zero-day vulnerability in Check Point Security Gateways, to pinpoint and extract password hashes for local accounts, which they then used to move laterally in the target organizations’ network. “The vulnerability is particularly critical

React to this headline:

Loading spinner

Check Point VPN zero-day exploited since beginning of April (CVE-2024-24919) Read More »

HHS pledges $50M for autonomous vulnerability management solution for hospitals

CISA, Don't miss, healthcare, Horizon3.ai, Hot stuff, News, patching, Ransomware, vulnerability management /

HHS pledges $50M for autonomous vulnerability management solution for hospitals 2024-05-23 at 10:18 By Zeljka Zorz As organizations in the healthcare sector continue to be a prime target for ransomware gangs and CISA warns about a vulnerability (CVE-2023-43208) in a healthcare-specific platform being leveraged by attackers, the Advanced Research Projects Agency for Health (ARPA-H) has

React to this headline:

Loading spinner

HHS pledges $50M for autonomous vulnerability management solution for hospitals Read More »

Google Cites ‘Monoculture’ Risks in Response to CSRB Report on Microsoft

CISA, cloud security, CSRB, Google Cloud, Government, Microsoft, Nation-State /

Google Cites ‘Monoculture’ Risks in Response to CSRB Report on Microsoft 2024-05-20 at 22:01 By Ryan Naraine Google is invoking the ‘monoculture’ word in response to a scathing U.S. government report on Microsoft’s inadequate cybersecurity practices. The post Google Cites ‘Monoculture’ Risks in Response to CSRB Report on Microsoft appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

Google Cites ‘Monoculture’ Risks in Response to CSRB Report on Microsoft Read More »

Eric Goldstein Leaving CISA for Private Sector Role

CISA, Management & Strategy, People Movements /

Eric Goldstein Leaving CISA for Private Sector Role 2024-05-20 at 17:31 By SecurityWeek News CISA executive assistant director for cybersecurity Eric Goldstein is leaving the agency after more than three years. The post Eric Goldstein Leaving CISA for Private Sector Role appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

Eric Goldstein Leaving CISA for Private Sector Role Read More »

Black Basta target orgs with new social engineering campaign

CISA, Don't miss, Hot stuff, News, Ransomware, Rapid7, remote management, social engineering, vishing /

Black Basta target orgs with new social engineering campaign 2024-05-13 at 15:46 By Zeljka Zorz Black Basta, one of the most prolific ransomware-as-a-service operators, is trying out a combination of email DDoS and vishing to get employees to download remote access tools. Black Basta TTPs and newest initial access attempts According to a cybersecurity advisory

React to this headline:

Loading spinner

Black Basta target orgs with new social engineering campaign Read More »

Critical vulnerabilities take 4.5 months on average to remediate

BitSight, CISA, cybersecurity, News, report, survey, vulnerability management /

Critical vulnerabilities take 4.5 months on average to remediate 2024-05-13 at 06:31 By Help Net Security Over a third of organizations had at least one known vulnerability in 2023, with nearly a quarter of those facing five or more, and 60% of vulnerabilities remained unaddressed past CISA’s deadlines, according to Bitsight. Organizations struggle to remediate

React to this headline:

Loading spinner

Critical vulnerabilities take 4.5 months on average to remediate Read More »

CISA Announces CVE Enrichment Project ‘Vulnrichment’

CISA, Vulnerabilities, vulnerability /

CISA Announces CVE Enrichment Project ‘Vulnrichment’ 2024-05-09 at 16:01 By Eduard Kovacs CISA’s Vulnrichment project is adding important information to CVE records to help improve vulnerability management processes. The post CISA Announces CVE Enrichment Project ‘Vulnrichment’ appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this

React to this headline:

Loading spinner

CISA Announces CVE Enrichment Project ‘Vulnrichment’ Read More »

CISA starts CVE “vulnrichment” program

CISA, CVE, Don't miss, Hot stuff, News, vulnerability assessment, vulnerability management /

CISA starts CVE “vulnrichment” program 2024-05-09 at 13:16 By Zeljka Zorz The US Cybersecurity and Infrastructure Agency (CISA) has announced the creation of “Vulnrichment,” a new project that aims to fill the CVE enrichment gap created by NIST National Vulnerability Database’s recent slowdown. NVD is failing Since 1999, NVD analysts have been adding CVE-numbered vulnerabilities

React to this headline:

Loading spinner

CISA starts CVE “vulnrichment” program Read More »

CISA, FBI Urge Organizations to Eliminate Path Traversal Vulnerabilities

CISA, guidance, Vulnerabilities, vulnerability /

CISA, FBI Urge Organizations to Eliminate Path Traversal Vulnerabilities 2024-05-03 at 17:09 By Ionut Arghire CISA and the FBI warn of threat actors abusing path traversal software vulnerabilities in attacks targeting critical infrastructure. The post CISA, FBI Urge Organizations to Eliminate Path Traversal Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

CISA, FBI Urge Organizations to Eliminate Path Traversal Vulnerabilities Read More »

Russian Hackers Target Industrial Systems in North America, Europe

CISA, ICS, ICS/OT, Russia /

Russian Hackers Target Industrial Systems in North America, Europe 2024-05-02 at 15:16 By Eduard Kovacs Government agencies are sharing recommendations following attacks claimed by pro-Russian hacktivists on ICS/OT systems. The post Russian Hackers Target Industrial Systems in North America, Europe appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original

React to this headline:

Loading spinner

Russian Hackers Target Industrial Systems in North America, Europe Read More »

CISA Rolls Out New Guidelines to Mitigate AI Risks to US Critical Infrastructure

AI, artificial inteligence, Artificial Intelligence, CISA, critical infrastructure, Government, Malware & Threats /

CISA Rolls Out New Guidelines to Mitigate AI Risks to US Critical Infrastructure 2024-04-29 at 21:02 By Ryan Naraine New CISA guidelines categorize AI risks into three significant types and pushes a four-part mitigation strategy. The post CISA Rolls Out New Guidelines to Mitigate AI Risks to US Critical Infrastructure appeared first on SecurityWeek. This

React to this headline:

Loading spinner

CISA Rolls Out New Guidelines to Mitigate AI Risks to US Critical Infrastructure Read More »

Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359)

0-day, CISA, Cisco, Don't miss, firewall, government-backed attacks, Hot stuff, Lumen, Microsoft, NCSC, News, security update /

Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359) 2024-04-24 at 21:31 By Zeljka Zorz A state-sponsored threat actor has managed to compromise Cisco Adaptive Security Appliances (ASA) used on government networks across the globe and use two zero-day vulnerabilities (CVE-2024-20353, CVE-2024-20359) to install backdoors on them, Cisco Talos researchers have shared on Wednesday.

React to this headline:

Loading spinner

Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359) Read More »

Protobom: Open-source software supply chain tool

CISA, DHS, Don't miss, GitHub, News, open source, OpenSSF, software /

Protobom: Open-source software supply chain tool 2024-04-19 at 07:31 By Mirko Zorz Protobom is an open-source software supply chain tool that enables all organizations, including system administrators and software development communities, to read and generate Software Bill of Materials (SBOMs), file data, and translate this data across standard industry SBOM formats. “he Protobom project was

React to this headline:

Loading spinner

Protobom: Open-source software supply chain tool Read More »

New open-source project takeover attacks spotted, stymied

backdoor, CISA, Don't miss, Endor Labs, Hot stuff, News, O'Reilly, open source, OpenJS Foundation, OpenSSF, social engineering, supply chain attacks, tips /

New open-source project takeover attacks spotted, stymied 2024-04-16 at 16:16 By Zeljka Zorz The OpenJS Foundation has headed off a “credible takeover attempt” similar to the one that resulted in a backdoor getting included in the open-source XZ Utils package by someone who called themselves “Jia Tan”. This malicious maintainer achieved that coveted position after

React to this headline:

Loading spinner

New open-source project takeover attacks spotted, stymied Read More »

US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft

CISA, Data Breaches, Featured, Incident Response, Microsoft, Midnight Blizzard, Nation-State, Nobelium, Russia /

US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft 2024-04-11 at 23:46 By Ryan Naraine The US government says Midnight Blizzard’s compromise of Microsoft corporate email accounts “presents a grave and unacceptable risk to federal agencies.” The post US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft

React to this headline:

Loading spinner

US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft Read More »

Sisense Data Breach Triggers CISA Alert and Urgent Calls for Credential Resets

CISA, data breach, Data Breaches, Government, Sisence, supply chain /

Sisense Data Breach Triggers CISA Alert and Urgent Calls for Credential Resets 2024-04-11 at 19:46 By Ryan Naraine The US government issues a red-alert for what appears to be a massive supply chain breach at Sisense, a company that sells big-data analytics tools. The post Sisense Data Breach Triggers CISA Alert and Urgent Calls for

React to this headline:

Loading spinner

Sisense Data Breach Triggers CISA Alert and Urgent Calls for Credential Resets Read More »

CISA warns about Sisense data breach

CISA, credentials, data breach, Don't miss, Hot stuff, News, Sisense /

CISA warns about Sisense data breach 2024-04-11 at 17:31 By Zeljka Zorz Business intelligence / data analytics software vendor Sisense has apparently suffered a data breach that spurred the company and the US Cybersecurity and Infrastructure Security Agency to push the company’s customers to “reset credentials and secrets potentially exposed to, or used to access,

React to this headline:

Loading spinner

CISA warns about Sisense data breach Read More »

Scroll to Top