CISA

CISA Urges Manufacturers to Eliminate Default Passwords After Recent ICS Attacks

18/12/2023 at 19:17 | By Eduard Kovacs

CISA is advising device makers to stop relying on customers to change default passwords following attacks targeting water sector ICS. The post CISA Urges Manufacturers to Eliminate Default Passwords After Recent ICS Attacks appeared first on SecurityWeek. This […]

CISA Flags Gaps in Healthcare Org’s Security Posture, Issues Security Guidance

18/12/2023 at 18:16 | By Ionut Arghire

The US cybersecurity agency CISA issues cybersecurity recommendations for the healthcare and public health sector. The post CISA Flags Gaps in Healthcare Org’s Security Posture, Issues Security Guidance appeared first on SecurityWeek. This article is an excerpt from

Russian hackers target unpatched JetBrains TeamCity servers

14/12/2023 at 16:04 | By Helga Labus

Russian state-sponsored hackers have been exploiting CVE-2023-42793 to target unpatched, internet-facing JetBrains TeamCity servers since September 2023, US, UK and Polish cybersecurity and law enforcement authorities have warned.

The targets: APT 29 (aka CozyBear, aka Midnight Blizzard), believed to be associated with

CISA Seeks Public Opinion on Google Workspace Secure Configuration Baselines

13/12/2023 at 16:31 | By Ionut Arghire

CISA is asking for public opinion on SCuBA secure configuration baselines for nine Google Workspace services. The post CISA Seeks Public Opinion on Google Workspace Secure Configuration Baselines appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

December 2023 Patch Tuesday forecast: ‘Tis the season for vigilance

08/12/2023 at 09:02 | By Mirko Zorz

The final Patch Tuesday of the year is almost upon us! This is the time of year when we want to relax and enjoy the holidays, but we need to be extra vigilant to detect and respond to suspicious

CISA Issues Warning for Russian ‘Star Blizzard’ APT Spear-Phishing Operation

08/12/2023 at 00:48 | By Ryan Naraine

The US cybersecurity agency calls attention to a Russian APT targeting academia, defense, governmental organizations, NGOs and think-tanks. The post CISA Issues Warning for Russian ‘Star Blizzard’ APT Spear-Phishing Operation appeared first on SecurityWeek. This article is an excerpt

CISA: Adobe ColdFusion flaw leveraged to access government servers (CVE-2023-26360)

06/12/2023 at 17:46 | By Helga Labus

Unknown attackers have leveraged a critical vulnerability (CVE-2023-26360) in the Adobe ColdFusion application development platform to access government servers, the Cybersecurity and Infrastructure Security Agency (CISA) has shared.

About the exploited vulnerability: CVE-2023-26360 is a deserialization of untrusted data

CyberAv3ngers hit Unitronics PLCs at multiple US-based water facilities

04/12/2023 at 16:48 | By Helga Labus

Iran-affiliated attackers CyberAv3ngers continue to exploit vulnerable Unitronics programmable logic controllers (PLCs), US and Israeli authorities have said in a joint cybersecurity advisory.

CyberAv3ngers targeting Unitronics PLCs: CISA has recently confirmed that Iran-affiliated attackers took over a Unitronics Vision Series

CISA Debuts ‘Secure by Design’ Alert Series

30/11/2023 at 14:16 | By Ionut Arghire

New CISA alerts shed light on the harm occurring when software vendors fail to implement secure by design principles. The post CISA Debuts ‘Secure by Design’ Alert Series appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

Strategies for cultivating a supportive culture in zero-trust adoption

29/11/2023 at 08:01 | By Mirko Zorz

In this Help Net Security interview, Wolfgang Goerlich, Advisory CISO at Cisco, discusses the benefits of implementing a mature zero-trust model for both security and business outcomes, revealing a decrease in reported security incidents and enhanced adaptability. Goerlich emphasizes the

Released: AI security guidelines backed by 18 countries

27/11/2023 at 17:32 | By Zeljka Zorz

The UK National Cyber Security Centre (NCSC) has published new guidelines that can help developers and providers of AI-powered systems “build AI systems that function as intended, are available when needed, and work without revealing sensitive data to unauthorised parties.” How

How LockBit used Citrix Bleed to breach Boeing and other targets

22/11/2023 at 16:47 | By Zeljka Zorz

CVE-2023-4966, aka “Citrix Bleed”, has been exploited by LockBit 3.0 affiliates to breach Boeing’s parts and distribution business, and “other trusted third parties have observed similar activity impacting their organization,” cybersecurity and law enforcement officials have confirmed on

CISA offers cybersecurity services to non-federal orgs in critical infrastructure sector

22/11/2023 at 12:47 | By Helga Labus

The Cybersecurity and Infrastructure Security Agency (CISA) has announced a pilot program that aims to offer cybersecurity services to critical infrastructure entities as they have become a common target in cyberattacks. “In alignment with CISA’s ‘Target Rich, Resource

CISA Offering Free Cybersecurity Services to Non-Federal Critical Infrastructure Entities

21/11/2023 at 18:32 | By Ionut Arghire

New CISA pilot program brings cutting-edge cybersecurity services to critical infrastructure entities that need support. The post CISA Offering Free Cybersecurity Services to Non-Federal Critical Infrastructure Entities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

The shifting sands of the war against cyber extortion

21/11/2023 at 14:33 | By Zeljka Zorz

Ransomware and cyber extortion attacks aimed at organizations are not letting up. Occasionally, they even come in pairs. The often large and sometimes massive ransomware recovery costs companies incur when they decide not to meet the demands deter many other

Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671)

20/11/2023 at 14:47 | By Helga Labus

CISA has added three vulnerabilities to its Known Exploited Vulnerabilities catalog, among them a critical vulnerability (CVE-2023-1671) in Sophos Web Appliance that has been patched by the company in April 2023.

About CVE-2023-1671: CVE-2023-1671 is a pre-auth command injection vulnerability

CISA Outlines AI-Related Cybersecurity Efforts

15/11/2023 at 17:01 | By Ionut Arghire

CISA details its efforts to promote the use of AI in cybersecurity and guide critical infrastructure in adopting AI. The post CISA Outlines AI-Related Cybersecurity Efforts appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

Juniper networking devices under attack

14/11/2023 at 16:46 | By Zeljka Zorz

CISA has ordered US federal agencies to patch five vulnerabilities used by attackers to compromise Juniper networking devices, and to do so by Friday. Most of these bugs are not particularly severe by themselves, but they can be – and have been – chained

From Windows 9x to 11: Tracing Microsoft’s security evolution

31/10/2023 at 09:01 | By Mirko Zorz

Over its journey from Windows 9x to Windows 11, Microsoft has implemented multiple security overhauls, each addressing the challenges of its time and setting the stage for future developments. In this Help Net Security interview, we feature security researcher Alex

Logging Made Easy: Free log management solution from CISA

30/10/2023 at 13:17 | By Help Net Security

CISA launched a new version of Logging Made Easy (LME), a straightforward log management solution for Windows-based devices that can be downloaded and self-installed for free. CISA’s version reimagines technology developed by the United Kingdom’s National Cyber Security Centre
