Government: CISA Tells US Agencies to Patch Exploited Roundcube, VMware Flaws. The US government's cybersecurity agency adds VMware and Roundcube server flaws to its Known Exploited Vulnerabilities (KEV) catalog. Ionut Arghire, June 23, 2023
ICS/OT: Enphase Ignores CISA Request to Fix Remotely Exploitable Flaws. Enphase Energy has ignored CISA requests to fix remotely exploitable vulnerabilities in Enphase products. Ionut Arghire, June 21, 2023
Government: CISA Instructs Federal Agencies to Secure Internet-Exposed Devices. CISA’s Binding Operational Directive 23-02 requires federal agencies to secure the network management interfaces of certain classes of devices. Ionut Arghire, June 14, 2023
Vulnerabilities: CISA: Several Old Linux Vulnerabilities Exploited in Attacks. Several old Linux vulnerabilities for which there are no public reports of malicious exploitation have been added to CISA’s KEV catalog. Eduard Kovacs, May 15, 2023
Government: CISA Introduces Secure-by-design and Secure-by-default Development Principles. CISA has described and published a set of principles for the development of security-by-design and security-by-default cybersecurity products. Kevin Townsend, April 14, 2023
Ransomware: CISA Gets Proactive With New Pre-Ransomware Alerts. CISA has sent notifications to more than 60 organizations as part of a new initiative to alert entities of early-stage ransomware attacks. Ionut Arghire, March 24, 2023
Supply Chain Security: OpenVEX Spec Adds Clarity to Supply Chain Vulnerability Warnings. Chainguard OpenVEX Spec adds clarity to Supply Chain Vulnerability warnings specifications to help software vendors and maintainers communicate precise metadata about the vulnerability status... Ryan Naraine, January 31, 2023
Vulnerabilities: Exploited Control Web Panel Flaw Added to CISA ‘Must-Patch’ List. CISA gave federal agencies a February deadline to patch a critical vulnerability in the CentOS Control Web Panel utility. Ryan Naraine, January 18, 2023