Government CISA Releases Malware Next-Gen Analysis System for Public Use CISA's Malware Next-Gen system is now available for any organization to submit malware samples and other suspicious artifacts for analysis. Ryan NaraineApril 10, 2024
Government CISA Moving Forward With Cyber Incident Reporting Rules Impacting 316,000 Entities CISA is seeking comment on the implementation of CIRCIA, which will cost $2.6 billion and will impact 316,000 entities. Eduard KovacsMarch 28, 2024
Vulnerabilities US Government Urges Software Makers to Eliminate SQL Injection Vulnerabilities CISA and the FBI issue a secure-by-design alert on eliminating SQL injection vulnerabilities from software. Ionut ArghireMarch 26, 2024
Government CISA’s OT Attack Response Team Understaffed: GAO GAO study finds that CISA does not have enough staff to respond to significant OT attacks in multiple locations at the same time. Eduard KovacsMarch 12, 2024
Application Security CISA Outlines Efforts to Secure Open Source Software Concluding a two-day OSS security summit, CISA details key actions to help improve open source security. Ionut ArghireMarch 8, 2024
Government US Gov Says Software Measurability is ‘Hardest Problem to Solve’ White House calls for the “timely, complete, and consistent” publication of CVE and CWE data to help solve the security metrics problem. Ryan NaraineFebruary 27, 2024
Malware & Threats Russian Cyberspies Targeting Cloud Infrastructure via Dormant Accounts US government and allies expose TTPs used by notorious Russian hacking teams and warn of the targeting of dormant cloud accounts. Ionut ArghireFebruary 26, 2024
Email Security CISA Warns of Roundcube Webmail Vulnerability Exploitation CISA has added the Roundcube flaw tracked as CVE-2023-43770 to its known exploited vulnerabilities catalog. Eduard KovacsFebruary 13, 2024
Malware & Threats US Says China’s Volt Typhoon Hackers ‘Pre-Positioning’ for Cyberattacks Against Critical Infrastructure New CISA alert includes technical mitigations to harden attack surfaces and instructions to hunt for the Chinese government-backed hackers. Ryan NaraineFebruary 7, 2024
Nation-State Ivanti Struggling to Hit Zero-Day Patch Release Schedule Ivanti is struggling to hit its own timeline for the delivery of patches for critical -- and already exploited -- flaws in its flagship... Ryan NaraineJanuary 29, 2024
ICS/OT Westermo Switch Vulnerabilities Can Facilitate Attacks on Industrial Organizations CISA informs organizations that Westermo Lynx switches are affected by eight vulnerabilities and some devices are reportedly exposed to the internet. Eduard KovacsJanuary 26, 2024
Malware & Threats CISA Issues Emergency Directive on Ivanti Zero-Days The US government’s cybersecurity agency CISA ramps up the pressure on organizations to mitigate two exploited Ivanti VPN vulnerabilities. Ryan NaraineJanuary 19, 2024