Security News
The U.S. Cybersecurity and Infrastructure Security Agency has unveiled additional details regarding misconfigurations and security vulnerabilities exploited by ransomware gangs, aiming to help critical infrastructure organizations thwart their attacks. Since its inception, CISA's RVWP has identified and shared details of over 800 vulnerable systems with internet-accessible vulnerabilities frequently targeted by various ransomware operations.
The AvosLocker ransomware gang has been linked to attacks against critical infrastructure sectors in the U.S., with some of them detected as recently as May 2023. That's according to a new joint...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a high-severity flaw in Adobe Acrobat Reader to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence...
The US Cybersecurity and Infrastructure Security Agency and the National Security Agency are blaming unchanged default credentials as the prime security misconfiguration that leads to cyberattacks. The misconfigurations in the CSA illustrate a trend of systemic weaknesses in many large organizations, including those with mature cyber postures, and highlight the importance of software manufacturers embracing secure-by-design principles to reduce the burden on network defenders.
The National Security Agency and the Cybersecurity and Infrastructure Security Agency revealed today the top ten most common cybersecurity misconfigurations discovered by their red and blue teams in the networks of large organizations. "These teams have assessed the security posture of many networks across the Department of Defense, Federal Civilian Executive Branch, state, local, tribal, and territorial governments, and the private sector," the NSA said.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation, while...
The US Fifth Circuit Court of Appeals has modified a ruling from last month to add the Cybersecurity and Infrastructure Security Agency to a list of US government entities prohibited from working with social media firms to curtail the spread of misinformation. In other words, stopping CISA from asking social media sites to restrict the reach of misinformation would interrupt the bulk of the Biden administration's moderation requests.
The US's Cybersecurity and Infrastructure Security Agency has added the latest actively exploited zero-day vulnerability affecting Google Chrome to its Known Exploited Vulnerabilities Catalog. With its addition to the KEV Catalog, CISA has effectively indicated that exploits for the vulnerability pose a "Significant risk to the federal enterprise," and agencies in the Federal Civilian Executive Branch have been set a three-week deadline of October 23 to apply the recommended fixes.
CISA also plans to create a guide to best practices in open source security for government entities and critical infrastructure organizations, according to the roadmap. CISA notes that open source software can lead to great innovation; however, CISA said, vulnerabilities like the widespread Log4Shell vulnerability in 2021 mean open source software can introduce insidious flaws in widely used code.
The U.S. Cybersecurity & Infrastructure Security Agency has announced it is offering free security scans for critical infrastructure facilities, such as water utilities, to help protect these crucial units from hacker attacks. "(CISA) can help your drinking water and wastewater system identify and address vulnerabilities with a no-cost vulnerability scanning service subscription.