Tag: cisa
-
CISA urges switch to Signal-like encrypted messaging apps after telecom hacks
by
in SecurityNewsToday, CISA urged senior government and political officials to switch to end-to-end encrypted messaging apps like Signal following a wave of telecom breaches across dozens of countries, including eight carriers in the United States. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-urges-switch-to-signal-like-encrypted-messaging-apps-after-telecom-hacks/
-
CISA orders federal agencies to meet security baselines in Microsoft 365
by
in SecurityNewsThe mandate to secure cloud environments is responsive to recent cybersecurity incidents, but not one specific threat, agency officials said. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-mandate-microsoft-cloud-baselines/735917/
-
US Government Issues Cloud Security Requirements for Federal Agencies
by
in SecurityNewsA CISA Directive sets out actions all US federal agencies must take to identify and secure cloud tenants in their environments First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cloud-security-federal-agencies/
-
CISA Issues Binding Operational Directive for Improved Cloud Security
by
in SecurityNewsCISA’s Binding Operational Directive 25-01 requires federal agencies to align cloud environments with SCuBA secure configuration baselines. The post CISA Issues Binding Operational Directive for Improved Cloud Security appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cisa-issues-binding-operational-directive-for-improved-cloud-security/
-
CISA Releases Secure Practices for Microsoft 365 Cloud Services
by
in SecurityNewsThe Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01: Implementing Secure Practices for Cloud Services, to enhance the cybersecurity posture of Federal Civilian Executive Branch (FCEB) agencies utilizing cloud services, including Microsoft 365. This directive, unveiled on December 17, 2024, introduces a set of Secure Configuration Baselines and assessment tools…
-
HiatusRAT Campaign Targets Web Cameras and DVRs: FBI Warns of Rising IoT Exploits
The FBI, in collaboration with CISA, has issued a new alert regarding the HiatusRAT malware campaign. The latest iteration of the campaign has shifted its focus to Internet of Things... First seen on securityonline.info Jump to article: securityonline.info/hiatusrat-campaign-targets-web-cameras-and-dvrs-fbi-warns-of-rising-iot-exploits/
-
CISA orders federal agencies to secure Microsoft cloud systems after ‘recent’ intrusions
by
in SecurityNewsThe Cybersecurity and Infrastructure Security Agency (CISA) issued a binding directive on Tuesday giving federal agencies a series of deadlines to identify cloud systems, implement assessment tools and abide by the agency’s Secure Cloud Business Applications (SCuBA) secure configuration baselines.]]> First seen on therecord.media Jump to article: therecord.media/cisa-orders-federal-agencies-to-secure-microsoft-cloud-systems
-
CISA Orders Secure Cloud Configurations for Federal Agencies
by
in SecurityNewsFederal Agencies Tasked with Adopting New Cloud Security Policies Beginning in 2025. The Cybersecurity and Infrastructure Security Agency is requiring federal agencies to adopt secure cloud configurations, integrate monitoring tools and report cloud systems starting in 2025 as part of an effort to address vulnerabilities in part exposed by the SolarWinds attack. First seen on…
-
CISA Orders Secure Cloud Configurations for Federal Agencies
by
in SecurityNewsFederal Agencies Tasked with Adopting New Cloud Security Policies Beginning in 2025. The Cybersecurity and Infrastructure Security Agency is requiring federal agencies to adopt secure cloud configurations, integrate monitoring tools and report cloud systems starting in 2025 as part of an effort to address vulnerabilities in part exposed by the SolarWinds attack. First seen on…
-
CISA delivers new directive to agencies on securing cloud environments
by
in SecurityNewsThe cyber agency’s SCuBA guidelines were developed after pilots with 13 agencies and continue a post-SolarWinds cloud strategy. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisa-scuba-baselines-cloud-security-directive/
-
CISA orders federal agencies to secure Microsoft 365 tenants
by
in SecurityNewsCISA has issued this year’s first binding operational directive (BOD 25-01), ordering federal civilian agencies to secure their Microsoft 365 cloud environments by implementing a list of required configuration baselines. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-orders-federal-agencies-to-secure-microsoft-365-tenants/
-
CISA Directs Federal Agencies to Secure Cloud Environments
by
in SecurityNewsActions direct agencies to deploy specific security configurations to reduce cyber-risk. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/cisa-directs-federal-agencies-secure-cloud-environments
-
CISA’s pre-ransomware alerts nearly doubled in 2024
by
in SecurityNewsThe federal agency’s efforts to improve defenses surged in fiscal year 2024. Yet, attacks continue to climb. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-pre-ransomware-alerts-double/735785/
-
CISA Seeking Public Comment on Updated National Cyber Incident Response Plan
by
in SecurityNewsCISA has updated its National Cyber Incident Response Plan in line with the changing threat landscape and is now seeking public comment. The post CISA Seeking Public Comment on Updated National Cyber Incident Response Plan appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cisa-seeking-public-comment-on-updated-national-cyber-incident-response-plan/
-
US Water Facilities Urged to Secure Access to Internet-Exposed HMIs
by
in SecurityNewsEPA and CISA urge organizations in the water and wastewater systems sector to harden remote access to internet-exposed human-machine interfaces (HMIs). The post US Water Facilities Urged to Secure Access to Internet-Exposed HMIs appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/us-water-facilities-urged-to-secure-access-to-internet-exposed-hmis/
-
CISA Warns of Exploited Adobe ColdFusion, Windows Vulnerabilities
by
in SecurityNewsCISA has warned organizations that two vulnerabilities affecting Adobe ColdFusion and Windows have been exploited in the wild. The post CISA Warns of Exploited Adobe ColdFusion, Windows Vulnerabilities appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cisa-warns-of-exploited-adobe-coldfusion-windows-vulnerabilities/
-
U.S. CISA adds Microsoft Windows Kernel-Mode Driver and Adobe ColdFusion flaws to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
Tags: access, adobe, cisa, control, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows Kernel-Mode Driver and Adobe ColdFusion flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference (CVE-2024-35250) and Adobe ColdFusion Improper Access Control (CVE-2024-20767) vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The…
-
CISA Warns of Adobe Windows Kernel Driver Vulnerabilities Exploited in Attacks
by
in SecurityNews
Tags: access, adobe, attack, cisa, control, cve, cyber, cybersecurity, exploit, infrastructure, kev, malicious, risk, vulnerability, windowsThe Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert, adding two significant vulnerabilities to its Known Exploited Vulnerabilities Catalog. These vulnerabilities, actively exploited by malicious actors, underscore the growing risks facing organizations. Adobe ColdFusion Access Control Weakness (CVE-2024-20767) One of the newly added vulnerabilities, CVE-2024-20767, affects Adobe ColdFusion due to improper access…
-
CISA and FBI Raise Alerts on Exploited Flaws and Expanding HiatusRAT Campaign
by
in SecurityNews
Tags: access, adobe, cisa, control, cve, cybersecurity, exploit, flaw, infrastructure, kev, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.The list of flaws is below -CVE-2024-20767 (CVSS score: 7.4) – Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or…
-
The shifting security landscape: 2025 predictions and challenges
by
in SecurityNewsAs the borderless threat ecosystem poses new challenges for companies and governments worldwide, CISA’s 2025-2026 International Plan aims to address this problem. CISA’s … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/17/2025-cybersecurity-predictions/
-
CISA releases first draft of updated National Cyber Incident Response Plan
by
in SecurityNewsThe long-awaited update to the National Cyber Incident Response Plan (NCIRP), the first proposed changes since it was released in 2016, outlines what the government would do in response to a large-scale cyberattack impacting the national economy.]]> First seen on therecord.media Jump to article: therecord.media/cisa-first-draft-updated-cyber-plan
-
CISA Urges Enhanced Coordination in Incident Response Plan
by
in SecurityNewsDraft National Response Plan Offers Flexible Coordination Strategies Across Sectors. A draft update to the National Cyber Incident Response Plan aims to enhance federal coordination with both the public and private sectors to better address significant cyber incidents, establishing clear roles for federal cyber entities and emphasizing efficient threat response measures. First seen on govinfosecurity.com…
-
CISA pitches updated cyber incident response plan as an ‘agile, actionable’ framework
by
in SecurityNewsThe agency is seeking public comment on its much-anticipated draft update to 2016’s PPD-41. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisa-national-cyber-incident-response-plan-comments/
-
Windows kernel bug now exploited in attacks to gain SYSTEM privileges
by
in SecurityNewsCISA has warned U.S. federal agencies to secure their systems against ongoing attacks targeting a high-severity Windows kernel vulnerability. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/windows-kernel-bug-now-exploited-in-attacks-to-gain-system-privileges/
-
CISA, ONCD propose updated National Cyber Incident Response Plan
by
in SecurityNewsThe updated framework is designed to bolster the government’s partnership with private-sector organizations in the wake of an attack. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/national-cyber-incident-response-plan-update/735660/
-
CISA and EPA Warn of Cyber Risks to Water System Interfaces
by
in SecurityNewsCISA and EPA have published guidance for operators of water and wastewater systems to protect against cyber-attacks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisa-epa-warn-cyberrisks-water/
-
FBI, CISA issue warning for cross Apple-Android texting
by
in SecurityNewsCISA and the FBI recently released a joint statement that the People’s Republic of China (PRC) is targeting commercial telecommunications infrastructure as part of a significant cyber espionage campaign. As a result, the agencies released a joint guide, Enhanced Visibility… First seen on securityintelligence.com Jump to article: securityintelligence.com/news/fbi-cisa-issue-warning-for-cross-apple-android-texting/
-
CISA and EPA Warn: Internet-Exposed HMIs Pose Serious Cybersecurity Risks to Water Systems
by
in SecurityNewsThe Cybersecurity and Infrastructure Security Agency (CISA) and the Environmental Protection Agency (EPA) have jointly released a crucial fact sheet highlighting the cybersecurity risks posed by Internet-exposed Human Machine Interfaces (HMIs) in the Water and Wastewater Systems (WWS) sector. The fact sheet, titled Internet-Exposed HMIs Pose Cybersecurity Risks to Water and Wastewater Systems, offers practical…
-
Security Affairs newsletter Round 502 by Pierluigi Paganini INTERNATIONAL EDITION
by
in SecurityNewsA new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. IOCONTROL cyberweapon used to target infrastructure in the US and Isreael U.S. CISA adds Cleo Harmony, VLTrader, and…