-
US orders federal govt agencies to patch critical Log4j bug
US Federal Civilian Executive Branch agencies have been ordered to patch the critical and actively exploited Log4Shell security vulnerability in the Apache Log4j library within the next six days.
- December 17, 2021
- 12:35 PM
0
-
CISA warns critical infrastructure to stay vigilant for ongoing threats
The Cybersecurity and Infrastructure Security Agency (CISA) warned critical infrastructure organizations today to strengthen their cybersecurity defenses against potential and ongoing threats.
- December 15, 2021
- 01:47 PM
0
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
CISA: Federal agencies required to patch Log4j by December 24th
The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch systems against the critical Log4Shell remote code execution vulnerability and released mitigation guidance in response to active exploitation.
- December 14, 2021
- 09:46 AM
- 0
-
US govt warns of increased ransomware risks during holidays
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI warned critical infrastructure partners and public/private sector organizations not to let down their defenses against ransomware attacks during the holiday season.
- November 22, 2021
- 01:45 PM
- 0
-
US, UK warn of Iranian hackers exploiting Microsoft Exchange, Fortinet
US, UK, and Australian cybersecurity agencies warned today of ongoing exploitation of Microsoft Exchange ProxyShell and Fortinet vulnerabilities linked to an Iranian-backed hacking group.
- November 17, 2021
- 09:44 AM
- 0
-
CISA releases cybersecurity response plans for federal agencies
The Cybersecurity and Infrastructure Security Agency (CISA) has released new cybersecurity response plans (known as playbooks) for federal civilian executive branch (FCEB) agencies.
- November 17, 2021
- 08:00 AM
- 0
-
Philips healthcare infomatics solution vulnerable to SQL injection
The Philips Tasy EMR, used by hundreds of hospitals as a medical record solution and healthcare management system, is vulnerable to two critical SQL injection flaws.
- November 05, 2021
- 11:23 AM
- 0
-
CISA urges vendors to patch BrakTooth bugs after exploits release
Researchers have released public exploit code and a proof of concept tool to test Bluetooth devices against System-on-a-Chip (SoC) security bugs impacting multiple vendors, including Intel, Qualcomm, Texas Instruments, and Cypress.
- November 04, 2021
- 03:15 PM
- 0
-
CISA orders federal agencies to fix hundreds of exploited security flaws
CISA has issued this year's first binding operational directive (BOD) ordering federal civilian agencies to mitigate security vulnerabilities exploited in the wild within an aggressive timeline.
- November 03, 2021
- 08:10 AM
- 0
-
NSA and CISA share guidance on securing 5G cloud infrastructure
CISA and the NSA shared guidance on securing cloud-native 5G networks from attacks seeking to compromise information or deny access by taking down cloud infrastructure.
- October 28, 2021
- 01:06 PM
- 0
-
FBI, CISA, NSA share defense tips for BlackMatter ransomware attacks
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) published today an advisory with details about how the BlackMatter ransomware gang operates.
- October 18, 2021
- 06:03 PM
- 0
-
CISA releases tool to help orgs fend off insider threat risks
The US Cybersecurity and Infrastructure Security Agency (CISA) has released a new tool that allows public and private sector organizations to assess their vulnerability to insider threats and devise their own defense plans against such risks.
- September 29, 2021
- 02:17 PM
- 0
-
NSA, CISA share VPN security tips to defend against hackers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance for hardening the security of virtual private network (VPN) solutions.
- September 28, 2021
- 05:45 PM
- 0
-
FBI, CISA, and NSA warn of escalating Conti ransomware attacks
CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) warned today of an increased number of Conti ransomware attacks targeting US organizations.
- September 22, 2021
- 01:24 PM
- 0
-
FBI and CISA warn of state hackers exploiting critical Zoho bug
The FBI, CISA, and the Coast Guard Cyber Command (CGCYBER) today warned that state-backed advanced persistent threat (APT) groups are actively exploiting a critical flaw in a Zoho single sign-on and password management solution since early August 2021.
- September 16, 2021
- 02:11 PM
- 0
-
Zoho patches actively exploited critical ADSelfService Plus bug
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are exploiting a critical vulnerability in Zoho's ManageEngine ADSelfService Plus password management solution that allows them to take control of the system.
- September 08, 2021
- 03:36 PM
- 0
-
FBI, CISA: Ransomware attack risk increases on holidays, weekends
The FBI and CISA urged organizations not to let down their defenses against ransomware attacks during weekends or holidays to released a joint cybersecurity advisory issued earlier today.
- August 31, 2021
- 01:52 PM
- 1
-
CISA: Don’t use single-factor auth on Internet-exposed systems
Single-factor authentication (SFA) has been added today by the US Cybersecurity and Infrastructure Security Agency (CISA) to a very short list of cybersecurity bad practices it advises against.
- August 30, 2021
- 01:10 PM
- 0
-
CISA warns admins to urgently patch Exchange ProxyShell bugs
The US Cybersecurity and Infrastructure Security Agency (CISA) issued its first alert tagged as "urgent," warning admins to patch on-premises Microsoft Exchange servers against actively exploited ProxyShell vulnerabilities.
- August 23, 2021
- 10:49 AM
- 0
-
The Week in Ransomware - August 20th 2021 - Exploiting Windows
Ransomware gangs continue to attack schools, companies, and even hospitals worldwide with little sign of letting up. Below we have tracked some of the ransomware stories that we are following this week.
- August 20, 2021
- 06:42 PM
- 0
.jpg)
