The top U.S. cybersecurity agency is ordering all federal civilian agencies to patch three high-profile vulnerabilities in the next week because they are being exploited by hackers. On Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) added two Cisco product vulnerabilities — CVE-2024-20353 and CVE-2024-20359 — as well as one vulnerability affecting popular file transfer […]
The Cybersecurity and Infrastructure Security Agency is targeting a Sept. 30 deadline to give federal agencies a list of example software products deemed critical for the federal government’s cyber posture. The target date comes from the agency’s responses to a Thursday Government Accountability Office oversight report that examines implementation of a major 2021 cybersecurity executive […]
Apr 23, 2024NewsroomNational Security Agency / Threat Intelligence The Russia-linked nation-state threat actor tracked as APT28 weaponized a security flaw in the Microsoft Windows Print Spooler component to deliver a previously unknown custom malware called GooseEgg. The post-compromise tool, which is said to have been used since at least June 2020 and possibly as early […]
The National Security Agency (NSA) issued a cybersecurity information sheet (CIS) on Monday to share best practices for deploying secure and resilient AI systems. The guidance marks the first release from the NSA’s Artificial Intelligence Security Center (AISC), which the agency stood up last year to promote the secure development, integration, and adoption of AI […]
WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the Office of the Director of National Intelligence (ODNI) released Securing Election Infrastructure Against the Tactics of Foreign Malign Influence Operations, a guidance document that details the latest tactics employed in foreign malign influence operations to shape U.S. policies, […]
A measure led by two House Republicans would enable the Environmental Protection Agency to certify a governing body to develop and recommend cybersecurity requirements for water treatment and wastewater systems. Reps. Rick Crawford, R-Ark. and John Duarte, R-Calif. unveiled the Water Risk and Resilience Organization Establishment Act on Thursday, with the aim of creating an […]
Apr 12, 2024NewsroomCyber Attack / Data Breach The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued an emergency directive (ED 24-02) urging federal agencies to hunt for signs of compromise and enact preventive measures following the recent compromise of Microsoft’s systems that led to the theft of email correspondence with the company. The […]
Mar 27, 2024NewsroomThreat Intelligence / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting Microsoft Sharepoint Server to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2023-24955 (CVSS score: 7.2), is a critical remote code execution flaw […]
Mar 26, 2024NewsroomCyber Attack / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday placed three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities added are as follows – CVE-2023-48788 (CVSS score: 9.3) – Fortinet FortiClient EMS SQL Injection Vulnerability CVE-2021-44529 (CVSS score: 9.8) – […]