CISA Archives

Nation-State

Ivanti Struggling to Hit Zero-Day Patch Release Schedule

Ivanti is struggling to hit its own timeline for the delivery of patches for critical -- and already exploited -- flaws in its flagship...

Ryan NaraineJanuary 29, 2024

ICS/OT

Westermo Switch Vulnerabilities Can Facilitate Attacks on Industrial Organizations

CISA informs organizations that Westermo Lynx switches are affected by eight vulnerabilities and some devices are reportedly exposed to the internet.

Eduard KovacsJanuary 26, 2024

Malware & Threats

CISA Issues Emergency Directive on Ivanti Zero-Days

The US government’s cybersecurity agency CISA ramps up the pressure on organizations to mitigate two exploited Ivanti VPN vulnerabilities.

Ryan NaraineJanuary 19, 2024

Government

US Gov Publishes Cybersecurity Guidance for Water and Wastewater Utilities

CISA, FBI and EPA document aims to help water and wastewater organizations improve their cyber resilience and incident response.

Ionut ArghireJanuary 19, 2024

Incident Response

US Gov Issues Warning for Androxgh0st Malware Attacks

A joint advisory from CISA and the FBI warns about Androxgh0st malware attacks ensnaring devices in a botnet.

Ionut ArghireJanuary 17, 2024

Malware & Threats

CISA Warns of FXC Router, QNAP NVR Vulnerabilities Exploited in the Wild

CISA released ICS advisories for FXC router and QNAP NRV flaws and added them to its known exploited vulnerabilities catalog.

Eduard KovacsDecember 22, 2023

ICS/OT

CISA Urges Manufacturers to Eliminate Default Passwords After Recent ICS Attacks

CISA is advising device makers to stop relying on customers to change default passwords following attacks targeting water sector ICS.

Eduard KovacsDecember 18, 2023

Network Security

CISA Flags Gaps in Healthcare Org’s Security Posture, Issues Security Guidance

The US cybersecurity agency CISA issues cybersecurity recommendations for the healthcare and public health sector.

Ionut ArghireDecember 18, 2023

Government

CISA Seeks Public Opinion on Google Workspace Secure Configuration Baselines

CISA is asking for public opinion on SCuBA secure configuration baselines for nine Google Workspace services.

Ionut ArghireDecember 13, 2023

Cyberwarfare

CISA Issues Warning for Russian ‘Star Blizzard’ APT Spear-Phishing Operation

The US cybersecurity agency calls attention to a Russian APT targeting academia, defense, governmental organizations, NGOs and think-tanks.

Ryan NaraineDecember 7, 2023

Security Architecture

CISA Debuts ‘Secure by Design’ Alert Series

New CISA alerts shed light on the harm occurring when software vendors fail to implement secure by design principles.

Ionut ArghireNovember 30, 2023

Government

CISA Offering Free Cybersecurity Services to Non-Federal Critical Infrastructure Entities

New CISA pilot program brings cutting-edge cybersecurity services to critical infrastructure entities that need support.

Ionut ArghireNovember 21, 2023

Artificial Intelligence

CISA Outlines AI-Related Cybersecurity Efforts

CISA details its efforts to promote the use of AI in cybersecurity and guide critical infrastructure in adopting AI.

Ionut ArghireNovember 15, 2023

Government

CISA, HHS Release Cybersecurity Healthcare Toolkit

CISA and the HHS have released resources for healthcare and public health organizations to improve their security.

Ionut ArghireOctober 26, 2023

Vulnerabilities

US Gov Expects Widespread Exploitation of Atlassian Confluence Vulnerability

CISA, FBI, and MS-ISAC warn of potential widespread exploitation of CVE-2023-22515, a critical vulnerability in Atlassian Confluence.

Ionut ArghireOctober 17, 2023

Government

CISA Now Flagging Vulnerabilities, Misconfigurations Exploited by Ransomware

CISA is now flagging vulnerabilities and misconfigurations that are known to be exploited in ransomware attacks.

Ionut ArghireOctober 13, 2023

Vulnerabilities

CISA Reverses Course on Malicious Exploitation of Video Conferencing Device Flaws

CISA has removed from its KEV catalog five Owl Labs video conferencing flaws that require the attacker to be in Bluetooth range.

Eduard KovacsOctober 6, 2023

Government

Government Shutdown Could Bench 80% of CISA Staff

Roughly 80% of CISA staff will be sent home at the end of the week in case of a government shutdown.

Eduard KovacsSeptember 28, 2023

Government

CISA Unveils New HBOM Framework to Track Hardware Components

CISA unveils a new Hardware Bill of Materials (HBOM) framework for buyers and sellers to communicate about components in physical products.

Ryan NaraineSeptember 27, 2023

Risk Management

Faster Patching Pace Validates CISA’s KEV Catalog Initiative

CISA says Known Exploited Vulnerabilities Catalog has helped federal agencies significantly accelerate their vulnerability remediation pace.

Ionut ArghireSeptember 22, 2023

SECURITYWEEK NETWORK:

ICS:

All posts tagged "CISA"

Nation-State

Ivanti Struggling to Hit Zero-Day Patch Release Schedule

ICS/OT

Westermo Switch Vulnerabilities Can Facilitate Attacks on Industrial Organizations

Malware & Threats

CISA Issues Emergency Directive on Ivanti Zero-Days

Government

US Gov Publishes Cybersecurity Guidance for Water and Wastewater Utilities

Incident Response

US Gov Issues Warning for Androxgh0st Malware Attacks

Malware & Threats

CISA Warns of FXC Router, QNAP NVR Vulnerabilities Exploited in the Wild

ICS/OT

CISA Urges Manufacturers to Eliminate Default Passwords After Recent ICS Attacks

Network Security

CISA Flags Gaps in Healthcare Org’s Security Posture, Issues Security Guidance

Government

CISA Seeks Public Opinion on Google Workspace Secure Configuration Baselines

Cyberwarfare

CISA Issues Warning for Russian ‘Star Blizzard’ APT Spear-Phishing Operation

Security Architecture

CISA Debuts ‘Secure by Design’ Alert Series

Government

CISA Offering Free Cybersecurity Services to Non-Federal Critical Infrastructure Entities

Artificial Intelligence

CISA Outlines AI-Related Cybersecurity Efforts

Government

CISA, HHS Release Cybersecurity Healthcare Toolkit

Vulnerabilities

US Gov Expects Widespread Exploitation of Atlassian Confluence Vulnerability

Government

CISA Now Flagging Vulnerabilities, Misconfigurations Exploited by Ransomware

Vulnerabilities

CISA Reverses Course on Malicious Exploitation of Video Conferencing Device Flaws

Government

Government Shutdown Could Bench 80% of CISA Staff

Government

CISA Unveils New HBOM Framework to Track Hardware Components

Risk Management

Faster Patching Pace Validates CISA’s KEV Catalog Initiative

Featured

Supply Chain Security

Cybersecurity Firms Impacted by Klue Supply Chain Attack

Vulnerabilities

Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure

Funding/M&A

Accenture to Acquire Majority Stake in Dragos, All of runZero, NetRise in $4.1 Billion OT Cybersecurity Push

Data Breaches

Kodak Admits Data Breach After ShinyHunters Hack Claims

Vulnerabilities

Microsoft Working on Patch for ‘RoguePlanet’ Zero-Day

Vulnerabilities

3 Recently Patched Fortinet FortiSandbox Vulnerabilities in Hacker Crosshairs

Hacker Conversations

Hacker Conversations: Isira Adithya, the Evolution of an Ethical Hacker

Latest News

Artificial Intelligence

French President Urges US to Share Cutting-Edge AI and Democracies to Cooperate on Regulation

Malware & Threats

In Other News: Apple Patches Beats Eavesdropping Flaw, DOT Closes Delta CrowdStrike Probe, AWS Continuum

Malware & Threats

CryptoBandits Malware Doubles as a Backdoor, Abuses Tor

Malware & Threats

FortiBleed: 86,000 Fortinet Device Credentials Compromised

Funding/M&A

Cisco to Acquire WideField Security to Boost Splunk’s Agentic SOC

Malware & Threats

15,000 WordPress Websites Cleaned Up in SocGholish Botnet Takedown

Vulnerabilities

Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure

Daily Briefing Newsletter