Tag: CISA
-
The Register: Here’s what happens if you don’t layer network security – or remove unused web shells
Source URL: https://www.theregister.com/2024/11/22/cisa_red_team_exercise/ Source: The Register Title: Here’s what happens if you don’t layer network security – or remove unused web shells Feedly Summary: TL;DR: Attackers will break in and pwn you, as a US government red team demonstrated The US Cybersecurity and Infrastructure Agency often breaks into critical organizations’ networks – with their permission,…
-
Alerts: CISA Releases Insights from Red Team Assessment of a U.S. Critical Infrastructure Sector Organization
Source URL: https://www.cisa.gov/news-events/alerts/2024/11/21/cisa-releases-insights-red-team-assessment-us-critical-infrastructure-sector-organization Source: Alerts Title: CISA Releases Insights from Red Team Assessment of a U.S. Critical Infrastructure Sector Organization Feedly Summary: Today, CISA released Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a U.S. Critical Infrastructure Sector Organization in coordination with the assessed organization. This cybersecurity advisory details lessons learned and key…
-
Alerts: CISA and Partners Release Update to BianLian Ransomware Cybersecurity Advisory
Source URL: https://www.cisa.gov/news-events/alerts/2024/11/20/cisa-and-partners-release-update-bianlian-ransomware-cybersecurity-advisory Source: Alerts Title: CISA and Partners Release Update to BianLian Ransomware Cybersecurity Advisory Feedly Summary: Today, CISA, the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) released updates to #StopRansomware: BianLian Ransomware Group on observed tactics, techniques, and procedures (TTPs) and indicators of compromise…
-
Alerts: 2024 CWE Top 25 Most Dangerous Software Weaknesses
Source URL: https://www.cisa.gov/news-events/alerts/2024/11/20/2024-cwe-top-25-most-dangerous-software-weaknesses Source: Alerts Title: 2024 CWE Top 25 Most Dangerous Software Weaknesses Feedly Summary: The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Homeland Security Systems Engineering and Development Institute (HSSEDI), operated by MITRE, has released the 2024 CWE Top 25 Most Dangerous Software Weaknesses. This annual list identifies the most critical…
-
Alerts: CISA Adds Two Known Exploited Vulnerabilities to Catalog
Source URL: https://www.cisa.gov/news-events/alerts/2024/11/20/cisa-adds-two-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Two Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability These types of vulnerabilities are frequent attack vectors…
-
Alerts: USDA Releases Success Story Detailing the Implementation of Phishing-Resistant Multi-Factor Authentication
Source URL: https://www.cisa.gov/news-events/alerts/2024/11/20/usda-releases-success-story-detailing-implementation-phishing-resistant-multi-factor-authentication Source: Alerts Title: USDA Releases Success Story Detailing the Implementation of Phishing-Resistant Multi-Factor Authentication Feedly Summary: Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Agriculture (USDA) released Phishing-Resistant Multi-Factor Authentication (MFA) Success Story: USDA’s FIDO Implementation. This report details how USDA successfully implemented phishing-resistant authentication for its…
-
CSA: 5 Big Cybersecurity Laws to Know About Ahead of 2025
Source URL: https://www.schellman.com/blog/cybersecurity/2025-cybersecurity-laws Source: CSA Title: 5 Big Cybersecurity Laws to Know About Ahead of 2025 Feedly Summary: AI Summary and Description: Yes Summary: The text outlines upcoming cybersecurity regulations set to take effect in 2025, emphasizing the need for organizations to prepare adequately to avoid non-compliance penalties. Key regulations include the NIS 2 Directive,…