Cybersecurity

Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack

Apr 26, 2024NewsroomNetwork Security / Zero Day Palo Alto Networks has shared remediation guidance for a recently disclosed critical security flaw impacting PAN-OS that has come under active exploitation. The vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), could be weaponized to obtain unauthenticated remote shell command execution on susceptible devices. It has been addressed in […]

Cybersecurity

FBI explains how companies can delay SEC cyber incident disclosures

The FBI has published guidance on how companies can request a delay in disclosing cyber incidents to the Securities and Exchange Commission (SEC). The document is a followup to new rules that the SEC approved in June requiring companies to quickly disclose “material” cybersecurity incidents and share the details of their cybersecurity risk management, strategy […]

Cybersecurity

CISA Releases Cybersecurity Guidance for Healthcare, Public Health Organizations

The US cybersecurity agency CISA has published new guidance to help healthcare and public health organizations understand the cyber threats and risks to their sector and apply mitigations. Titled Mitigation Guide: Healthcare and Public Health (HPH) Sector (PDF), the document was released as a supplemental companion to a Cyber Risk Summary distributed in July, and […]

Cybersecurity

CISA Publishes Hardware Bill of Materials Framework

The US Cybersecurity and Infrastructure Security Agency (CISA) has published new guidance designed to improve the accuracy of risk assessments related to hardware products in the supply chain. The Hardware Bill of Materials Framework (HBOM) for Supply Chain Risk Management is the work of the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) […]

Cybersecurity

CISA Releases Guidance on Adopting DDoS Mitigations

The US Cybersecurity and Infrastructure Security Agency (CISA) has released new guidance to help federal agencies adopt distributed denial-of-service (DDoS) mitigations. DDoS attacks are a type of cyberattack in which threat actors flood a server or network with internet traffic, exhausting its resources and rendering the target inaccessible. Meant to help federal agencies prevent “large-scale […]