Security News

CISA Flags Critical Apache OFBiz Flaw Amid Active Exploitation Reports
2024-08-28 06:50

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw affecting the Apache OFBiz open-source enterprise resource planning (ERP) system to its...

CISA Urges Federal Agencies to Patch Versa Director Vulnerability by September
2024-08-24 07:03

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has placed a security flaw impacting Versa Director to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of...

CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks
2024-08-20 04:53

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw impacting Jenkins to its Known Exploited Vulnerabilities (KEV) catalog, following its...

CISA warns of Jenkins RCE bug exploited in ransomware attacks
2024-08-19 19:16

​CISA has added a critical Jenkins vulnerability that can be exploited to gain remote code execution to its catalog of security bugs, warning that it's actively exploited in attacks. [...]

CISA warns critical SolarWinds RCE bug is exploited in attacks
2024-08-16 16:33

CISA warned on Thursday that attackers are exploiting a recently patched critical vulnerability in SolarWinds' Web Help Desk solution for customer support. [...]

CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Feature
2024-08-09 05:41

The U.S. Cybersecurity and Infrastructure Security Agency has disclosed that threat actors are abusing the legacy Cisco Smart Install feature with the aim of accessing sensitive data. The agency said it has seen adversaries "Acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature."

CISA warns about actively exploited Apache OFBiz RCE flaw
2024-08-08 19:43

The U.S. Cybersecurity & Infrastructure Security Agency is warning of two vulnerabilities exploited in attacks, including a path traversal impacting Apache OFBiz. [...]

CISA warns of hackers abusing Cisco Smart Install feature
2024-08-08 17:23

CISA recommends disabling the legacy Cisco Smart Install feature after seeing it abused by threat actors in recent attacks to steal sensitive data, such as system configuration files. [...]

US elections have never been more secure, says CISA chief
2024-08-08 12:56

Black Hat US Cybersecurity and Infrastructure Security Agency director Jen Easterly and her counterparts from the UK and EU want the world to know that, when it comes to securing elections, they've never been more prepared. "I can say with confidence that election infrastructure has never been more secure," Easterly claimed, and she had a ready explanation as to why: "The election stakeholder community has never been stronger."

FBI and CISA Warn of BlackSuit Ransomware That Demands Up to $500 Million
2024-08-08 06:13

The ransomware strain known as BlackSuit has demanded as much as $500 million in ransoms to date, with one individual ransom demand hitting $60 million. Attacks involving ransomware have targeted several critical infrastructure sectors spanning commercial facilities, healthcare and public health, government facilities, and critical manufacturing.