Vulnerabilities | US Gov Expects Widespread Exploitation of Atlassian Confluence Vulnerability | CISA, FBI, and MS-ISAC warn of potential widespread exploitation of CVE-2023-22515, a critical vulnerability in Atlassian Confluence. | Ionut Arghire, October 17, 2023
Government | CISA Now Flagging Vulnerabilities, Misconfigurations Exploited by Ransomware | CISA is now flagging vulnerabilities and misconfigurations that are known to be exploited in ransomware attacks. | Ionut Arghire, October 13, 2023
Vulnerabilities | CISA Reverses Course on Malicious Exploitation of Video Conferencing Device Flaws | CISA has removed from its KEV catalog five Owl Labs video conferencing flaws that require the attacker to be in Bluetooth range. | Eduard Kovacs, October 6, 2023
Government | Government Shutdown Could Bench 80% of CISA Staff | Roughly 80% of CISA staff will be sent home at the end of the week in case of a government shutdown. | Eduard Kovacs, September 28, 2023
Government | CISA Unveils New HBOM Framework to Track Hardware Components | CISA unveils a new Hardware Bill of Materials (HBOM) framework for buyers and sellers to communicate about components in physical products. | Ryan Naraine, September 27, 2023
Risk Management | Faster Patching Pace Validates CISA’s KEV Catalog Initiative | CISA says Known Exploited Vulnerabilities Catalog has helped federal agencies significantly accelerate their vulnerability remediation pace. | Ionut Arghire, September 22, 2023
Government | CISA Releases New Identity and Access Management Guidance | CISA has released new guidance on how federal agencies can integrate identity and access management into their ICAM architecture. | Ionut Arghire, September 18, 2023
Fraud & Identity Theft | US Agencies Publish Cybersecurity Report on Deepfake Threats | CISA, FBI and NSA have published a cybersecurity report on deepfakes and recommendations for identifying and responding to such threats. | Eduard Kovacs, September 13, 2023
Cyberwarfare | US Aeronautical Organization Hacked via Zoho, Fortinet Vulnerabilities | APTs exploited vulnerabilities in Zoho ManageEngine and Fortinet VPNs to hack an aerospace organization in early January 2023. | Ionut Arghire, September 8, 2023
Government | CISA Releases Guidance on Adopting DDoS Mitigations | CISA has released new guidance to help federal agencies decide upon and prioritize DDoS mitigations based on mission and reputational impact. | Ionut Arghire, September 7, 2023
CISO Strategy | CISA Hires ‘Mudge’ to Work on Security-by-Design Principles | Peiter ‘Mudge’ Zatko joins the US government's cybersecurity agency to preach the gospel of security-by-design and secure-by-default development principles. | Ryan Naraine, September 5, 2023
ICS/OT | MITRE and CISA Release Open Source Tool for OT Attack Emulation | MITRE and CISA introduce Caldera for OT, a new extension to help security teams emulate attacks targeting operational technology systems. | Ionut Arghire, September 5, 2023