Security News

CISA tags Microsoft SharePoint RCE bug as actively exploited
2024-03-27 16:24

CISA warns that attackers are now exploiting a Microsoft SharePoint code injection vulnerability that can be chained with a critical privilege escalation flaw for pre-auth remote code execution attacks. These two SharePoint Server security vulnerabilities can be chained by unauthenticated attackers to gain RCE on unpatched servers, as STAR Labs researcher Nguyễn Tiến Giang demonstrated during last year's March 2023 Pwn2Own contest in Vancouver.

CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability
2024-03-27 13:15

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting the Microsoft Sharepoint Server to its Known Exploited Vulnerabilities (KEV) catalog based on...

CISA Alerts on Active Exploitation of Flaws in Fortinet, Ivanti, and Nice Products
2024-03-26 04:54

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday placed three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation....

CISA urges software devs to weed out SQL injection vulnerabilities
2024-03-25 18:26

CISA and the FBI urged executives of technology manufacturing companies to prompt formal reviews of their organizations' software and implement mitigations to eliminate SQL injection security vulnerabilities before shipping.In SQL injection attacks, threat actors "Inject" maliciously crafted SQL queries into input fields or parameters used in database queries, exploiting vulnerabilities in the application's security to execute unintended SQL commands, such as exfiltrating, manipulating, or deleting sensitive data stored in the database.

CISA: Here’s how you can foil DDoS attacks
2024-03-22 11:44

In light of the rise of "DDoS hacktivism" and the recent DDoS attacks aimed at disrupting French and Alabama government websites, the Cybersecurity and Infrastructure Security Agency has updated its guidance of how governmental entities should respond to this type of attacks. "The main advantage of a DDoS attack over a DoS attack is the ability to generate a significantly higher volume of traffic, overwhelming the target system's resources to a greater extent," the agency says.

CISA shares critical infrastructure defense tips against Chinese hackers
2024-03-19 20:18

CISA, the NSA, the FBI, and several other agencies in the U.S. and worldwide warned critical infrastructure leaders to protect their systems against the Chinese Volt Typhoon hacking group. Together with the NSA, the FBI, other U.S. government agencies, and partner Five Eyes cybersecurity agencies, including cybersecurity agencies from Australia, Canada, the United Kingdom, and New Zealand, it also issued defense tips on detecting and defending against Volt Typhoon attacks.

Biden's budget proposal boosts CISA funding to $3b
2024-03-12 18:30

US President Joe Biden has asked Congress to approve an extra $103 million in funding for the Cybersecurity and Infrastructure Security Agency, bringing CISA's total budget to $3 billion. "To protect against foreign adversaries and safeguard Federal systems, the Budget bolsters cybersecurity by ensuring every agency is increasing the security of public services," according to the proposal [PDF].

CISA Warns of Actively Exploited JetBrains TeamCity Vulnerability
2024-03-08 06:13

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting JetBrains TeamCity On-Premises software to its Known Exploited Vulnerabilities...

CISA, NSA share best practices for securing cloud services
2024-03-07 23:05

The NSA and the Cybersecurity and Infrastructure Security Agency have released five joint cybersecurity bulletins containing on best practices for securing a cloud environment. Today, the NSA and CISA have issued five join documents on how to secure your cloud services using best practices.

CISA warns of Microsoft Streaming bug exploited in malware attacks
2024-03-01 19:18

CISA ordered U.S. Federal Civilian Executive Branch agencies to secure their Windows systems against a high-severity vulnerability in the Microsoft Streaming Service that's actively exploited in attacks. Redmond patched the bug during the June 2023 Patch Tuesday, with proof-of-concept exploit code dropping on GitHub three months later, on September 24.