The US cybersecurity agency CISA on Tuesday published a new document detailing its efforts in promoting the use of artificial intelligence (AI) to improve security and supporting critical infrastructure organizations in adopting AI. Aligned with national AI strategy, CISA’s Roadmap to AI (PDF) promotes beneficial uses of AI in enhancing cybersecurity capabilities and details the […]
Nov 14, 2023NewsroomCyber Attack / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given a November 17, 2023, deadline for federal agencies and organizations to apply mitigations to secure against a number of security flaws in Juniper Junos OS that came to light in August. The agency on Monday added five vulnerabilities to […]
Nov 09, 2023NewsroomCyber Attack / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw in the Service Location Protocol (SLP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-29552 (CVSS score: 7.5), the issue relates to a denial-of-service (DoS) vulnerability that could be […]
Nov 09, 2023NewsroomCyber Attack / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw in the Service Location Protocol (SLP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-29552 (CVSS score: 7.5), the issue relates to a denial-of-service (DoS) vulnerability that could be […]
The Cybersecurity and Infrastructure Security Agency (CISA) is working with industry stakeholders and government agencies on a new version of the National Cyber Incident Response Plan (NCIRP) — the framework that outlines the country’s response to significant cyber incidents. The updated plan was mandated in the 2023 National Cybersecurity Strategy, and CISA is now working […]
WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI) and Multi-State Information Sharing and Analysis Center (MS-ISAC) today published “Phishing Guidance, Stopping the Attack Cycle at Phase One” to help organizations reduce likelihood and impact of successful phishing attacks. It provides detailed insight into malicious actor […]
The US cybersecurity agency CISA last week warned organizations about critical- and high-severity vulnerabilities discovered by researchers in a human-machine interface (HMI) product made by Taiwan-based Weintek. According to CISA, the impacted product, the Weintek cMT HMI, is used worldwide, including in critical manufacturing organizations, which are considered part of critical infrastructure. The vendor has […]
The US cybersecurity agency CISA is stepping up its efforts to prevent ransomware by making it easier for organizations to learn about vulnerabilities and misconfigurations exploited in these attacks. As part of its Ransomware Vulnerability Warning Pilot (RVWP) program launched in March, the agency has released two new resources to help organizations identify and eliminate […]
The FBI and the CISA recommend implementing application control mechanisms, limiting remote desktop services, and following best practices such as updating software and using strong passwords to defend against AvosLocker ransomware attacks.