Security News

CISA launched a new version of Logging Made Easy, a straightforward log management solution for Windows-based devices that can be downloaded and self-installed for free. CISA's version reimagines technology developed by the United Kingdom's National Cyber Security Centre, making it available to a broader audience on GitHub.

In an email interview with TechRepublic, Jake Williams, faculty member at IANS Research and former NSA offensive hacker, said, "The publication highlights the challenges with comparing the features provided by vendors. CISA seems to be putting vendors on notice that they want vendors to be clear about what standards they do and don't support in their products, especially when a vendor only supports portions of a given standard." According to CISA and the NSA, the definitions and policies of the different variations of MFAs are unclear and confusing.

CISA, FBI, and MS-ISAC warned network admins today to immediately patch their Atlassian Confluence servers against a maximum severity flaw actively exploited in attacks. On October 4, when it released security updates, Atlassian advised customers to upgrade their Confluence instances as soon as possible to one of the fixed versions as the bug was already exploited in the wild as a zero-day.

The U.S. Cybersecurity and Infrastructure Security Agency has unveiled additional details regarding misconfigurations and security vulnerabilities exploited by ransomware gangs, aiming to help critical infrastructure organizations thwart their attacks. Since its inception, CISA's RVWP has identified and shared details of over 800 vulnerable systems with internet-accessible vulnerabilities frequently targeted by various ransomware operations.

The AvosLocker ransomware gang has been linked to attacks against critical infrastructure sectors in the U.S., with some of them detected as recently as May 2023. That's according to a new joint...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a high-severity flaw in Adobe Acrobat Reader to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence...

The US Cybersecurity and Infrastructure Security Agency and the National Security Agency are blaming unchanged default credentials as the prime security misconfiguration that leads to cyberattacks. The misconfigurations in the CSA illustrate a trend of systemic weaknesses in many large organizations, including those with mature cyber postures, and highlights the importance of software manufacturers embracing secure-by-design principles to reduce the burden on network defenders.

The National Security Agency and the Cybersecurity and Infrastructure Security Agency revealed today the top ten most common cybersecurity misconfigurations discovered by their red and blue teams in the networks of large organizations. "These teams have assessed the security posture of many networks across the Department of Defense, Federal Civilian Executive Branch, state, local, tribal, and territorial governments, and the private sector," the NSA said.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation, while...

The US Fifth Circuit Court of Appeals has modified a ruling from last month to add the Cybersecurity and Infrastructure Security Agency to a list of US government entities prohibited from working with social media firms to curtail the spread of misinformation. In other words, stopping CISA from asking social media sites to restrict the reach of misinformation would interrupt the bulk of the Biden administration's moderation requests.