CISA

CISA starts CVE “vulnrichment” program

CISA, CVE, Don't miss, Hot stuff, News, vulnerability assessment, vulnerability management /

CISA starts CVE “vulnrichment” program 2024-05-09 at 13:16 By Zeljka Zorz The US Cybersecurity and Infrastructure Agency (CISA) has announced the creation of “Vulnrichment,” a new project that aims to fill the CVE enrichment gap created by NIST National Vulnerability Database’s recent slowdown. NVD is failing Since 1999, NVD analysts have been adding CVE-numbered vulnerabilities […]

React to this headline:

Loading spinner

CISA starts CVE “vulnrichment” program Read More »

CISA, FBI Urge Organizations to Eliminate Path Traversal Vulnerabilities

CISA, guidance, Vulnerabilities, vulnerability /

CISA, FBI Urge Organizations to Eliminate Path Traversal Vulnerabilities 2024-05-03 at 17:09 By Ionut Arghire CISA and the FBI warn of threat actors abusing path traversal software vulnerabilities in attacks targeting critical infrastructure. The post CISA, FBI Urge Organizations to Eliminate Path Traversal Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

CISA, FBI Urge Organizations to Eliminate Path Traversal Vulnerabilities Read More »

Russian Hackers Target Industrial Systems in North America, Europe

CISA, ICS, ICS/OT, Russia /

Russian Hackers Target Industrial Systems in North America, Europe 2024-05-02 at 15:16 By Eduard Kovacs Government agencies are sharing recommendations following attacks claimed by pro-Russian hacktivists on ICS/OT systems. The post Russian Hackers Target Industrial Systems in North America, Europe appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original

React to this headline:

Loading spinner

Russian Hackers Target Industrial Systems in North America, Europe Read More »

CISA Rolls Out New Guidelines to Mitigate AI Risks to US Critical Infrastructure

AI, artificial inteligence, Artificial Intelligence, CISA, critical infrastructure, Government, Malware & Threats /

CISA Rolls Out New Guidelines to Mitigate AI Risks to US Critical Infrastructure 2024-04-29 at 21:02 By Ryan Naraine New CISA guidelines categorize AI risks into three significant types and pushes a four-part mitigation strategy. The post CISA Rolls Out New Guidelines to Mitigate AI Risks to US Critical Infrastructure appeared first on SecurityWeek. This

React to this headline:

Loading spinner

CISA Rolls Out New Guidelines to Mitigate AI Risks to US Critical Infrastructure Read More »

Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359)

0-day, CISA, Cisco, Don't miss, firewall, government-backed attacks, Hot stuff, Lumen, Microsoft, NCSC, News, security update /

Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359) 2024-04-24 at 21:31 By Zeljka Zorz A state-sponsored threat actor has managed to compromise Cisco Adaptive Security Appliances (ASA) used on government networks across the globe and use two zero-day vulnerabilities (CVE-2024-20353, CVE-2024-20359) to install backdoors on them, Cisco Talos researchers have shared on Wednesday.

React to this headline:

Loading spinner

Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359) Read More »

Protobom: Open-source software supply chain tool

CISA, DHS, Don't miss, GitHub, News, open source, OpenSSF, software /

Protobom: Open-source software supply chain tool 2024-04-19 at 07:31 By Mirko Zorz Protobom is an open-source software supply chain tool that enables all organizations, including system administrators and software development communities, to read and generate Software Bill of Materials (SBOMs), file data, and translate this data across standard industry SBOM formats. “he Protobom project was

React to this headline:

Loading spinner

Protobom: Open-source software supply chain tool Read More »

New open-source project takeover attacks spotted, stymied

backdoor, CISA, Don't miss, Endor Labs, Hot stuff, News, O'Reilly, open source, OpenJS Foundation, OpenSSF, social engineering, supply chain attacks, tips /

New open-source project takeover attacks spotted, stymied 2024-04-16 at 16:16 By Zeljka Zorz The OpenJS Foundation has headed off a “credible takeover attempt” similar to the one that resulted in a backdoor getting included in the open-source XZ Utils package by someone who called themselves “Jia Tan”. This malicious maintainer achieved that coveted position after

React to this headline:

Loading spinner

New open-source project takeover attacks spotted, stymied Read More »

US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft

CISA, Data Breaches, Featured, Incident Response, Microsoft, Midnight Blizzard, Nation-State, Nobelium, Russia /

US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft 2024-04-11 at 23:46 By Ryan Naraine The US government says Midnight Blizzard’s compromise of Microsoft corporate email accounts “presents a grave and unacceptable risk to federal agencies.” The post US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft

React to this headline:

Loading spinner

US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft Read More »

Sisense Data Breach Triggers CISA Alert and Urgent Calls for Credential Resets

CISA, data breach, Data Breaches, Government, Sisence, supply chain /

Sisense Data Breach Triggers CISA Alert and Urgent Calls for Credential Resets 2024-04-11 at 19:46 By Ryan Naraine The US government issues a red-alert for what appears to be a massive supply chain breach at Sisense, a company that sells big-data analytics tools. The post Sisense Data Breach Triggers CISA Alert and Urgent Calls for

React to this headline:

Loading spinner

Sisense Data Breach Triggers CISA Alert and Urgent Calls for Credential Resets Read More »

CISA warns about Sisense data breach

CISA, credentials, data breach, Don't miss, Hot stuff, News, Sisense /

CISA warns about Sisense data breach 2024-04-11 at 17:31 By Zeljka Zorz Business intelligence / data analytics software vendor Sisense has apparently suffered a data breach that spurred the company and the US Cybersecurity and Infrastructure Security Agency to push the company’s customers to “reset credentials and secrets potentially exposed to, or used to access,

React to this headline:

Loading spinner

CISA warns about Sisense data breach Read More »

CISA Releases Malware Next-Gen Analysis System for Public Use

CISA, Government, Malware & Threats, Malware Next-Gen /

CISA Releases Malware Next-Gen Analysis System for Public Use 2024-04-10 at 23:17 By Ryan Naraine CISA’s Malware Next-Gen system is now available for any organization to submit malware samples and other suspicious artifacts for analysis. The post CISA Releases Malware Next-Gen Analysis System for Public Use appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

CISA Releases Malware Next-Gen Analysis System for Public Use Read More »

Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988)

CISA, CVE, Don't miss, Hot stuff, Microsoft, News, Patch Tuesday, security update, SonicWall, Tenable, Trend Micro, vulnerability, vulnerability management /

Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988) 2024-04-09 at 22:35 By Zeljka Zorz On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn’t marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro’s Zero Day Initiative (ZDI), has found being

React to this headline:

Loading spinner

Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988) Read More »

A “cascade” of errors let Chinese hackers into US government inboxes

APT, CISA, cloud security, CSP, Don't miss, Government, government-backed attacks, Hot stuff, Microsoft, News, UK, USA /

A “cascade” of errors let Chinese hackers into US government inboxes 2024-04-03 at 16:46 By Zeljka Zorz Microsoft still doesn’t known how Storm-0558 attackers managed to steal the Microsoft Services Account cryptographic key they used to forge authentication tokens needed to access email accounts belonging to US government officials. “The stolen 2016 MSA key in

React to this headline:

Loading spinner

A “cascade” of errors let Chinese hackers into US government inboxes Read More »

Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094)

backdoor, CISA, CVE, Debian, Don't miss, Fedora, Hot stuff, Linux, News, open source, Red Hat, SUSE, vulnerability /

Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094) 2024-03-29 at 20:31 By Zeljka Zorz A vulnerability (CVE-2024-3094) in XZ Utils, the XZ format compression utilities included in most Linux distributions, may “enable a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely,” Red Hat warns.

React to this headline:

Loading spinner

Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094) Read More »

Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955)

CISA, Don't miss, enterprise, Government, Hot stuff, News, Synopsys, vulnerability /

Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955) 2024-03-28 at 12:32 By Zeljka Zorz The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-24955 – a code injection vulnerability that allows authenticated attackers to execute code remotely on a vulnerable Microsoft SharePoint Server – to its KEV catalog and is demanding that

React to this headline:

Loading spinner

Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955) Read More »

CISA Moving Forward With Cyber Incident Reporting Rules Impacting 316,000 Entities

CISA, Government, Government Policy /

CISA Moving Forward With Cyber Incident Reporting Rules Impacting 316,000 Entities 2024-03-28 at 12:01 By Eduard Kovacs CISA is seeking comment on the implementation of CIRCIA, which will cost $2.6 billion and will impact 316,000 entities. The post CISA Moving Forward With Cyber Incident Reporting Rules Impacting 316,000 Entities appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

CISA Moving Forward With Cyber Incident Reporting Rules Impacting 316,000 Entities Read More »

US Government Urges Software Makers to Eliminate SQL Injection Vulnerabilities

CISA, SQL injection, Vulnerabilities /

US Government Urges Software Makers to Eliminate SQL Injection Vulnerabilities 2024-03-26 at 13:16 By Ionut Arghire CISA and the FBI issue a secure-by-design alert on eliminating SQL injection vulnerabilities from software. The post US Government Urges Software Makers to Eliminate SQL Injection Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

US Government Urges Software Makers to Eliminate SQL Injection Vulnerabilities Read More »

CISA: Here’s how you can foil DDoS attacks

CISA, DDoS, Don't miss, guide, News /

CISA: Here’s how you can foil DDoS attacks 2024-03-22 at 13:46 By Zeljka Zorz In light of the rise of “DDoS hacktivism” and the recent DDoS attacks aimed at disrupting French and Alabama government websites, the Cybersecurity and Infrastructure Security Agency (CISA) has updated its guidance of how governmental entities (but also other organizations) should

React to this headline:

Loading spinner

CISA: Here’s how you can foil DDoS attacks Read More »

CISA’s OT Attack Response Team Understaffed: GAO

CISA, cyber workforce, Government, ICS, Incident Response /

CISA’s OT Attack Response Team Understaffed: GAO 2024-03-12 at 15:46 By Eduard Kovacs GAO study finds that CISA does not have enough staff to respond to significant OT attacks in multiple locations at the same time. The post CISA’s OT Attack Response Team Understaffed: GAO appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

CISA’s OT Attack Response Team Understaffed: GAO Read More »

10 free cybersecurity guides you might have missed

CISA, CISO, critical infrastructure, cyber resilience, Department of Defense, Don't miss, Government, guide, Hot stuff, how-to, News, phishing, Ransomware, skill development, SMBs, strategy, tips, USA /

10 free cybersecurity guides you might have missed 2024-03-11 at 09:07 By Help Net Security This collection of free cybersecurity guides covers a broad range of topics, from resources for developing cybersecurity programs to specific guides for various sectors and organizations. Whether you work for a small business, a large corporation, or a specific industry,

React to this headline:

Loading spinner

10 free cybersecurity guides you might have missed Read More »

Scroll to Top