ICS/OT
MITRE and CISA introduce Caldera for OT, a new extension to help security teams emulate attacks targeting operational technology systems.
Hi, what are you looking for?
SecurityWeek
All posts tagged "CISA"
ICS/OT
Exploit code and root-cause analysis released by SinSinology document the problem as a case where VMware “forgot to regenerate” SSH keys.
Identity & Access
CISA has published a cyber defense plan outlining strategies to help critical infrastructure organizations reduce the risks associated with RMM software.
Vulnerabilities
CISA has added CVE-2023-38180, a zero-day vulnerability affecting .NET and Visual Studio, to its Known Exploited Vulnerabilities Catalog.
Government
CISA has unveiled its Cybersecurity Strategic Plan for the next 3 years, focusing on addressing immediate threats, hardening the terrain, and driving security.
Government
CISA Director Jen Easterly says more is needed to defend the integrity and resiliency of the election process ahead of the 2024 election.
Cloud Security
Facing intense pressure after Chinese APT hack, Microsoft plans to expand logging defaults for lower-tier M365 customers.
Application Security
VMware confirmed that exploit code for CVE-2023-20864 has been published, underscoring the urgency for enterprise network admins to apply available patches.
Mobile & Wireless
CISA adds 6 Samsung mobile device flaws to its known exploited vulnerabilities catalog and they have likely been exploited by a spyware vendor.
Risk Management
Censys identified hundreds of devices within US federal agencies’ networks that expose their management interface to the internet.
Government
The US government's cybersecurity agency adds VMware and Roundcube server flaws to its Known Exploited Vulnerabilities (KEV) catalog.
ICS/OT
Enphase Energy has ignored CISA requests to fix remotely exploitable vulnerabilities in Enphase products.
Government
CISA’s Binding Operational Directive 23-02 requires federal agencies to secure the network management interfaces of certain classes of devices.
Vulnerabilities
Several old Linux vulnerabilities for which there are no public reports of malicious exploitation have been added to CISA’s KEV catalog.
Government
CISA has described and published a set of principles for the development of security-by-design and security-by-default cybersecurity products.
Ransomware
CISA has sent notifications to more than 60 organizations as part of a new initiative to alert entities of early-stage ransomware attacks.
Supply Chain Security
Chainguard OpenVEX Spec adds clarity to Supply Chain Vulnerability warnings specifications to help software vendors and maintainers communicate precise metadata about the vulnerability status...
Vulnerabilities
CISA gave federal agencies a February deadline to patch a critical vulnerability in the CentOS Control Web Panel utility.
Cyber Insurance
Cyberattack disrupted UNFI’s operations in June; company estimates $50–$60 million net income hit but anticipates insurance will cover most losses.
Nation-State
Data Breaches
Artificial Intelligence
Mobile & Wireless
Cloud Security
Virtual event brings together leading experts, practitioners, and innovators for a full day of insightful discussions and tactical guidance on evolving threats and real-world...
Cybersecurity Funding
Mobile & Wireless
Vulnerabilities
