Security News

What the CISA Reporting Rule Means for Your IT Security Protocol
2022-12-02 10:35

The new Cyber Incident Reporting for Critical Infrastructure Act of 2022 requires CISA to create rules regarding cyber incident reporting by critical infrastructure organizations. CISA will share data from cyber incident reports, including defensive measures and anonymized cyber threat indicators, with other organizations.

CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability
2022-11-29 04:20

The U.S. Cybersecurity and Infrastructure Security Agency on Monday added a critical flaw impacting Oracle Fusion Middleware to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2021-35587, carries a CVSS score of 9.8 and impacts Oracle Access Manager versions 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0.

Week in review: 5 free CISA resources, surviving a DDoS attack, Google to make Cobalt Strike useless
2022-11-27 09:00

5G can reduce - but also create - security risk: In this interview with Help Net Security, Anubhav Arora, VP of Security Engineering at Cradlepoint, talks about the most common 5G security misconceptions, how to make sure the network is safe, but also how 5G can benefit businesses. 5 free resources from the Cybersecurity and Infrastructure Security Agency: The Cybersecurity and Infrastructure Security Agency is an agency of the United States Department of Homeland Security.

Future-proofing asset and vulnerability intelligence in response to CISA’s BOD 23-01
2022-11-21 06:00

Five steps to designing a futureproof asset intelligence program. While many factors play into the longevity and success of any cybersecurity initiative, there are five standout elements for building a cyber asset intelligence program to scale with an organization's size and evolving maturity.

5 free resources from the Cybersecurity and Infrastructure Security Agency (CISA)
2022-11-21 05:30

The Cybersecurity and Infrastructure Security Agency is an agency of the United States Department of Homeland Security. CISA is in charge of enhancing cybersecurity and infrastructure protection at all levels of government, coordinating cybersecurity initiatives with U.S. states, and enhancing defenses against cyberattacks.

SSVC: Prioritization of vulnerability remediation according to CISA
2022-11-15 12:49

Given that 2021 was a record year for new vulnerabilities published and threat actors became better at weaponizing vulnerabilities, timely and well-judged vulnerability prioritization and remediation are a goal all organizations should aspire to achieve. Using automation - and the Common Security Advisory Framework, which "Provides a standardized format for ingesting vulnerability advisory information and simplify triage and remediation processes for asset owners." Clarifying the impact of vulnerabilities.

CISA Warns of Critical Vulnerabilities in 3 Industrial Control System Software
2022-11-04 10:01

The U.S. Cybersecurity and Infrastructure Security Agency has published three Industrial Control Systems advisories about multiple vulnerabilities in software from ETIC Telecom, Nokia, and Delta Industrial Automation. Prominent among them is a set of three flaws affecting ETIC Telecom's Remote Access Server, which "could allow an attacker to obtain sensitive information and compromise the vulnerable device and other connected machines," CISA said.

CISA Warns of Daixin Team Hackers Targeting Health Organizations With Ransomware
2022-10-24 06:12

U.S. cybersecurity and intelligence agencies have published a joint advisory warning of attacks perpetrated by a cybercrime gang known as the Daixin Team primarily targeting the healthcare sector in the country. "The Daixin Team is a ransomware and data extortion group that has targeted the HPH Sector with ransomware and data extortion operations since at least June 2022," the agencies said.

CISA warns of security holes in industrial Advantech, Hitachi kit
2022-10-20 00:35

The latest warnings flag up severe flaws in products from Advantech and Hitachi Energy, which serve both consumer and commercial markets. The twin advisories include alerts about security holes in Advantech's R-SeeNet that can be exploited by remote attackers to take control of this industrial network router monitoring software or to delete PDF files from the system.