-
CISA shares guidance on how to prevent ransomware data breaches
The US Cybersecurity and Infrastructure Security Agency (CISA) has released guidance to help government and private sector organizations prevent data breaches resulting from ransomware double extortion schemes.
- August 19, 2021
- 08:00 AM
0
-
CISA: BadAlloc impacts critical infrastructure using BlackBerry QNX
CISA today warned that IoT and OT security flaws known as BadAlloc impact BlackBerry's QNX Real Time Operating System (RTOS) used by critical infrastructure organizations.
- August 17, 2021
- 02:16 PM
0
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
CISA teams up with Microsoft, Google, Amazon to fight ransomware
CISA has announced the launch of Joint Cyber Defense Collaborative (JCDC), a partnership across public and private sectors focused on defending US critical infrastructure from ransomware and other cyber threats.
- August 05, 2021
- 05:05 PM
- 3
-
NSA and CISA share Kubernetes security recommendations
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published comprehensive recommendations for strengthening the security of an organization's Kubernetes system.
- August 04, 2021
- 01:02 AM
- 0
-
CISA launches vulnerability disclosure platform for federal agencies
The Cybersecurity and Infrastructure Security Agency (CISA) today launched a new vulnerability disclosure policy (VDP) platform for US federal civilian agencies.
- July 30, 2021
- 04:08 PM
- 0
-
FBI reveals top targeted vulnerabilities of the last two years
A joint security advisory issued today by several cybersecurity agencies from the US, the UK, and Australia reveals the top 30 most targeted security vulnerabilities of the last two years.
- July 28, 2021
- 08:31 AM
- 0
-
CISA warns of stealthy malware found on hacked Pulse Secure devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released an alert today about more than a dozen malware samples found on exploited Pulse Secure devices that are largely undetected by antivirus products.
- July 21, 2021
- 02:42 PM
- 0
-
Chinese state hackers breached over a dozen US pipeline operators
Chinese state-sponsored attackers have breached 13 US oil and natural gas (ONG) pipeline companies between December 2011 to 2013 following a spear-phishing campaign targeting their employees.
- July 21, 2021
- 10:00 AM
- 0
-
CISA orders federal agencies to patch Windows PrintNightmare bug
A new emergency directive issued by the Cybersecurity and Infrastructure Security Agency (CISA) orders federal agencies to mitigate the actively exploited Window Print Spooler vulnerability on their networks.
- July 13, 2021
- 12:23 PM
- 0
-
CISA, FBI share guidance for victims of Kaseya ransomware attack
CISA and the Federal Bureau of Investigation (FBI) have shared guidance for managed service providers (MSPs) and their customers impacted by the REvil supply-chain ransomware attack that hit the systems of Kaseya's cloud-based MSP platform.
- July 05, 2021
- 10:35 AM
- 3
-
CISA: Disable Windows Print Spooler on servers not used for printing
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a notification regarding the critical PrintNightmare zero-day vulnerability and advises admins to disable the Windows Print Spooler service on servers not used for printing.
- July 01, 2021
- 12:09 PM
- 0
-
CISA releases new ransomware self-assessment security audit tool
The US Cybersecurity and Infrastructure Security Agency (CISA) has released the Ransomware Readiness Assessment (RRA), a new module for its Cyber Security Evaluation Tool (CSET).
- June 30, 2021
- 04:26 PM
- 2
-
CISA orders federal orgs to mitigate Pulse Secure VPN bug by Friday
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a new emergency directive ordering federal agencies to mitigate an actively exploited vulnerability in Pulse Connect Secure (PCS) VPN appliances on their networks by Friday.
- April 21, 2021
- 11:53 AM
- 0
-
CISA gives federal agencies until Friday to patch Exchange servers
The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to install newly released Microsoft Exchange security updates by Friday.
- April 13, 2021
- 05:59 PM
- 0
-
CISA releases tool to review Microsoft 365 post-compromise activity
The Cybersecurity and Infrastructure Security Agency (CISA) has released a companion Splunk-based dashboard that helps review post-compromise activity in Microsoft Azure Active Directory (AD), Office 365 (O365), and Microsoft 365 (M365) environments.
- April 08, 2021
- 05:39 PM
- 0
-
FBI and CISA warn of state hackers attacking Fortinet FortiOS servers
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) warn of advanced persistent threat (APT) actors targeting Fortinet FortiOS servers using multiple exploits.
- April 02, 2021
- 01:04 PM
- 0
-
CISA gives federal agencies 5 days to find hacked Exchange servers
The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to scan their networks again for any signs of compromised on-premises Microsoft Exchange servers and report their findings within five days.
- March 31, 2021
- 02:55 PM
- 0
-
CISA releases new SolarWinds malicious activity detection tool
The Cybersecurity and Infrastructure Security Agency (CISA) has released a new tool to detect post-compromise malicious activity associated with the SolarWinds hackers in on-premises enterprise environments.
- March 18, 2021
- 03:56 PM
- 2
-
CISA: No federal civilian agency hacked in Exchange attacks, so far
CISA officials said that, so far, there is no evidence of US federal civilian agencies compromised during ongoing attacks targeting Microsoft Exchange servers.
- March 11, 2021
- 11:14 AM
- 0
-
CISA takes over .GOV top-level domain (TLD) administration
The US Cybersecurity and Infrastructure Security Agency (CISA) is taking over the administration of the .GOV top-level domain (TLD) as its new policy and management authority starting next month.
- March 08, 2021
- 09:56 AM
- 0
