CISA Archives

ICS/OT

Russian Hackers Target Industrial Systems in North America, Europe

Government agencies are sharing recommendations following attacks claimed by pro-Russian hacktivists on ICS/OT systems.

Eduard KovacsMay 2, 2024

Artificial Intelligence

CISA Rolls Out New Guidelines to Mitigate AI Risks to US Critical Infrastructure

New CISA guidelines categorize AI risks into three significant types and pushes a four-part mitigation strategy.

Ryan NaraineApril 29, 2024

Data Breaches

US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft

The US government says Midnight Blizzard’s compromise of Microsoft corporate email accounts "presents a grave and unacceptable risk to federal agencies."

Ryan NaraineApril 11, 2024

Data Breaches

Sisense Data Breach Triggers CISA Alert and Urgent Calls for Credential Resets

The US government issues a red-alert for what appears to be a massive supply chain breach at Sisense, a company that sells big-data analytics...

Ryan NaraineApril 11, 2024

Government

CISA Releases Malware Next-Gen Analysis System for Public Use

CISA's Malware Next-Gen system is now available for any organization to submit malware samples and other suspicious artifacts for analysis.

Ryan NaraineApril 10, 2024

Government

CISA Moving Forward With Cyber Incident Reporting Rules Impacting 316,000 Entities

CISA is seeking comment on the implementation of CIRCIA, which will cost $2.6 billion and will impact 316,000 entities.

Eduard KovacsMarch 28, 2024

Vulnerabilities

US Government Urges Software Makers to Eliminate SQL Injection Vulnerabilities

CISA and the FBI issue a secure-by-design alert on eliminating SQL injection vulnerabilities from software.

Ionut ArghireMarch 26, 2024

Government

CISA’s OT Attack Response Team Understaffed: GAO

GAO study finds that CISA does not have enough staff to respond to significant OT attacks in multiple locations at the same time.

Eduard KovacsMarch 12, 2024

Application Security

CISA Outlines Efforts to Secure Open Source Software

Concluding a two-day OSS security summit, CISA details key actions to help improve open source security.

Ionut ArghireMarch 8, 2024

Government

US Gov Says Software Measurability is ‘Hardest Problem to Solve’

White House calls for the “timely, complete, and consistent” publication of CVE and CWE data to help solve the security metrics problem.

Ryan NaraineFebruary 27, 2024

Malware & Threats

Russian Cyberspies Targeting Cloud Infrastructure via Dormant Accounts

US government and allies expose TTPs used by notorious Russian hacking teams and warn of the targeting of dormant cloud accounts.

Ionut ArghireFebruary 26, 2024

Email Security

CISA Warns of Roundcube Webmail Vulnerability Exploitation

CISA has added the Roundcube flaw tracked as CVE-2023-43770 to its known exploited vulnerabilities catalog.

Eduard KovacsFebruary 13, 2024

Malware & Threats

US Says China’s Volt Typhoon Hackers ‘Pre-Positioning’ for Cyberattacks Against Critical Infrastructure

New CISA alert includes technical mitigations to harden attack surfaces and instructions to hunt for the Chinese government-backed hackers.

Ryan NaraineFebruary 7, 2024

Nation-State

Ivanti Struggling to Hit Zero-Day Patch Release Schedule

Ivanti is struggling to hit its own timeline for the delivery of patches for critical -- and already exploited -- flaws in its flagship...

Ryan NaraineJanuary 29, 2024

ICS/OT

Westermo Switch Vulnerabilities Can Facilitate Attacks on Industrial Organizations

CISA informs organizations that Westermo Lynx switches are affected by eight vulnerabilities and some devices are reportedly exposed to the internet.

Eduard KovacsJanuary 26, 2024

Malware & Threats

CISA Issues Emergency Directive on Ivanti Zero-Days

The US government’s cybersecurity agency CISA ramps up the pressure on organizations to mitigate two exploited Ivanti VPN vulnerabilities.

Ryan NaraineJanuary 19, 2024

Government

US Gov Publishes Cybersecurity Guidance for Water and Wastewater Utilities

CISA, FBI and EPA document aims to help water and wastewater organizations improve their cyber resilience and incident response.

Ionut ArghireJanuary 19, 2024

Incident Response

US Gov Issues Warning for Androxgh0st Malware Attacks

A joint advisory from CISA and the FBI warns about Androxgh0st malware attacks ensnaring devices in a botnet.

Ionut ArghireJanuary 17, 2024

Malware & Threats

CISA Warns of FXC Router, QNAP NVR Vulnerabilities Exploited in the Wild

CISA released ICS advisories for FXC router and QNAP NRV flaws and added them to its known exploited vulnerabilities catalog.

Eduard KovacsDecember 22, 2023

ICS/OT

CISA Urges Manufacturers to Eliminate Default Passwords After Recent ICS Attacks

CISA is advising device makers to stop relying on customers to change default passwords following attacks targeting water sector ICS.

Eduard KovacsDecember 18, 2023

SECURITYWEEK NETWORK:

ICS:

All posts tagged "CISA"

ICS/OT

Russian Hackers Target Industrial Systems in North America, Europe

Artificial Intelligence

CISA Rolls Out New Guidelines to Mitigate AI Risks to US Critical Infrastructure

Data Breaches

US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft

Data Breaches

Sisense Data Breach Triggers CISA Alert and Urgent Calls for Credential Resets

Government

CISA Releases Malware Next-Gen Analysis System for Public Use

Government

CISA Moving Forward With Cyber Incident Reporting Rules Impacting 316,000 Entities

Vulnerabilities

US Government Urges Software Makers to Eliminate SQL Injection Vulnerabilities

Government

CISA’s OT Attack Response Team Understaffed: GAO

Application Security

CISA Outlines Efforts to Secure Open Source Software

Government

US Gov Says Software Measurability is ‘Hardest Problem to Solve’

Malware & Threats

Russian Cyberspies Targeting Cloud Infrastructure via Dormant Accounts

Email Security

CISA Warns of Roundcube Webmail Vulnerability Exploitation

Malware & Threats

US Says China’s Volt Typhoon Hackers ‘Pre-Positioning’ for Cyberattacks Against Critical Infrastructure

Nation-State

Ivanti Struggling to Hit Zero-Day Patch Release Schedule

ICS/OT

Westermo Switch Vulnerabilities Can Facilitate Attacks on Industrial Organizations

Malware & Threats

CISA Issues Emergency Directive on Ivanti Zero-Days

Government

US Gov Publishes Cybersecurity Guidance for Water and Wastewater Utilities

Incident Response

US Gov Issues Warning for Androxgh0st Malware Attacks

Malware & Threats

CISA Warns of FXC Router, QNAP NVR Vulnerabilities Exploited in the Wild

ICS/OT

CISA Urges Manufacturers to Eliminate Default Passwords After Recent ICS Attacks

Featured

IoT Security

New ‘SmartAttack’ Steals Air-Gapped Data Using Smartwatches

Cybercrime

Interpol Targets Infostealers: 20,000 IPs Taken Down, 32 Arrested, 216,000 Victims Notified

Artificial Intelligence

Cyera Raises $540 Million to Expand AI-Powered Data Security Platform

Incident Response

Microsoft Patch Tuesday Covers WebDAV Flaw Marked as ‘Already Exploited’

Cybercrime

Whole Foods Distributor United Natural Foods Hit by Cyberattack

Government

Trump Cybersecurity Executive Order Targets Digital Identity, Sanctions Policies

Malware & Threats

Destructive ‘PathWiper’ Targeting Ukraine’s Critical Infrastructure

Latest News

Government

Paragon ‘Graphite’ Spyware Linked to Zero-Click Hacks on Newest iPhones

Artificial Intelligence

The AI Arms Race: Deepfake Generation vs. Detection

Artificial Intelligence

Hirundo Raises $8 Million to Eliminate AI’s Bad Behavior

Risk Management

Webcast Video: Rethinking Endpoint Hardening for Today’s Attack Landscape

Artificial Intelligence

‘EchoLeak’ AI Attack Enabled Theft of Sensitive Data via Microsoft 365 Copilot

Mobile & Wireless

The ZTNA Blind Spot: Why Unmanaged Devices Threaten Your Hybrid Workforce

Cybercrime

Surge in Cyberattacks Targeting Journalists: Cloudflare

Daily Briefing Newsletter