Security Architecture
New CISA alerts shed light on the harm occurring when software vendors fail to implement secure by design principles.
Hi, what are you looking for?
SecurityWeek
All posts tagged "CISA"
Government
New CISA pilot program brings cutting-edge cybersecurity services to critical infrastructure entities that need support.
Artificial Intelligence
CISA details its efforts to promote the use of AI in cybersecurity and guide critical infrastructure in adopting AI.
Government
CISA and the HHS have released resources for healthcare and public health organizations to improve their security.
Vulnerabilities
CISA, FBI, and MS-ISAC warn of potential widespread exploitation of CVE-2023-22515, a critical vulnerability in Atlassian Confluence.
Government
CISA is now flagging vulnerabilities and misconfigurations that are known to be exploited in ransomware attacks.
Vulnerabilities
CISA has removed from its KEV catalog five Owl Labs video conferencing flaws that require the attacker to be in Bluetooth range.
Government
Roughly 80% of CISA staff will be sent home at the end of the week in case of a government shutdown.
Government
CISA unveils a new Hardware Bill of Materials (HBOM) framework for buyers and sellers to communicate about components in physical products.
Risk Management
CISA says Known Exploited Vulnerabilities Catalog has helped federal agencies significantly accelerate their vulnerability remediation pace.
Government
CISA has released new guidance on how federal agencies can integrate identity and access management into their ICAM architecture.
Fraud & Identity Theft
CISA, FBI and NSA have published a cybersecurity report on deepfakes and recommendations for identifying and responding to such threats.
Cyberwarfare
APTs exploited vulnerabilities in Zoho ManageEngine and Fortinet VPNs to hack an aerospace organization in early January 2023.
Government
CISA has released new guidance to help federal agencies decide upon and prioritize DDoS mitigations based on mission and reputational impact.
CISO Strategy
Peiter ‘Mudge’ Zatko joins the US government's cybersecurity agency to preach the gospel of security-by-design and secure-by-default development principles.
ICS/OT
MITRE and CISA introduce Caldera for OT, a new extension to help security teams emulate attacks targeting operational technology systems.
ICS/OT
Exploit code and root-cause analysis released by SinSinology document the problem as a case where VMware “forgot to regenerate” SSH keys.
Identity & Access
CISA has published a cyber defense plan outlining strategies to help critical infrastructure organizations reduce the risks associated with RMM software.
Vulnerabilities
CISA has added CVE-2023-38180, a zero-day vulnerability affecting .NET and Visual Studio, to its Known Exploited Vulnerabilities Catalog.
Government
CISA has unveiled its Cybersecurity Strategic Plan for the next 3 years, focusing on addressing immediate threats, hardening the terrain, and driving security.
Malware & Threats
The DanaBot botnet ensnared over 300,000 devices and caused more than $50 million in damages before being disrupted.
Incident Response
Vulnerabilities
Incident Response
Malware & Threats
A Chinese espionage group has been chaining two recent Ivanti EPMM vulnerabilities in attacks against organizations in multiple critical sectors.
Incident Response
