ICS/OT Westermo Switch Vulnerabilities Can Facilitate Attacks on Industrial Organizations CISA informs organizations that Westermo Lynx switches are affected by eight vulnerabilities and some devices are reportedly exposed to the internet. Eduard KovacsJanuary 26, 2024
Malware & Threats CISA Issues Emergency Directive on Ivanti Zero-Days The US government’s cybersecurity agency CISA ramps up the pressure on organizations to mitigate two exploited Ivanti VPN vulnerabilities. Ryan NaraineJanuary 19, 2024
Government US Gov Publishes Cybersecurity Guidance for Water and Wastewater Utilities CISA, FBI and EPA document aims to help water and wastewater organizations improve their cyber resilience and incident response. Ionut ArghireJanuary 19, 2024
Incident Response US Gov Issues Warning for Androxgh0st Malware Attacks A joint advisory from CISA and the FBI warns about Androxgh0st malware attacks ensnaring devices in a botnet. Ionut ArghireJanuary 17, 2024
Malware & Threats CISA Warns of FXC Router, QNAP NVR Vulnerabilities Exploited in the Wild CISA released ICS advisories for FXC router and QNAP NRV flaws and added them to its known exploited vulnerabilities catalog. Eduard KovacsDecember 22, 2023
ICS/OT CISA Urges Manufacturers to Eliminate Default Passwords After Recent ICS Attacks CISA is advising device makers to stop relying on customers to change default passwords following attacks targeting water sector ICS. Eduard KovacsDecember 18, 2023
Network Security CISA Flags Gaps in Healthcare Org’s Security Posture, Issues Security Guidance The US cybersecurity agency CISA issues cybersecurity recommendations for the healthcare and public health sector. Ionut ArghireDecember 18, 2023
Government CISA Seeks Public Opinion on Google Workspace Secure Configuration Baselines CISA is asking for public opinion on SCuBA secure configuration baselines for nine Google Workspace services. Ionut ArghireDecember 13, 2023
Cyberwarfare CISA Issues Warning for Russian ‘Star Blizzard’ APT Spear-Phishing Operation The US cybersecurity agency calls attention to a Russian APT targeting academia, defense, governmental organizations, NGOs and think-tanks. Ryan NaraineDecember 7, 2023
Security Architecture CISA Debuts ‘Secure by Design’ Alert Series New CISA alerts shed light on the harm occurring when software vendors fail to implement secure by design principles. Ionut ArghireNovember 30, 2023
Government CISA Offering Free Cybersecurity Services to Non-Federal Critical Infrastructure Entities New CISA pilot program brings cutting-edge cybersecurity services to critical infrastructure entities that need support. Ionut ArghireNovember 21, 2023
Artificial Intelligence CISA Outlines AI-Related Cybersecurity Efforts CISA details its efforts to promote the use of AI in cybersecurity and guide critical infrastructure in adopting AI. Ionut ArghireNovember 15, 2023