Security News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw affecting the Apache OFBiz open-source enterprise resource planning (ERP) system to its...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting Versa Director to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw impacting Jenkins to its Known Exploited Vulnerabilities (KEV) catalog, following its...
CISA has added a critical Jenkins vulnerability that can be exploited to gain remote code execution to its catalog of security bugs, warning that it's actively exploited in attacks. [...]
CISA warned on Thursday that attackers are exploiting a recently patched critical vulnerability in SolarWinds' Web Help Desk solution for customer support. [...]
The U.S. Cybersecurity and Infrastructure Security Agency has disclosed that threat actors are abusing the legacy Cisco Smart Install feature with the aim of accessing sensitive data. The agency said it has seen adversaries "Acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature."
The U.S. Cybersecurity & Infrastructure Security Agency is warning of two vulnerabilities exploited in attacks, including a path traversal impacting Apache OFBiz. [...]
CISA recommends disabling the legacy Cisco Smart Install feature after seeing it abused by threat actors in recent attacks to steal sensitive data, such as system configuration files. [...]
Black Hat: US Cybersecurity and Infrastructure Security Agency director Jen Easterly and her counterparts from the UK and EU want the world to know that, when it comes to securing elections, they've never been more prepared. "I can say with confidence that election infrastructure has never been more secure," Easterly claimed, and she had a ready explanation as to why: "The election stakeholder community has never been stronger."
The ransomware strain known as BlackSuit has demanded as much as $500 million in ransoms to date, with one individual ransom demand hitting $60 million. Attacks involving ransomware have targeted several critical infrastructure sectors spanning commercial facilities, healthcare and public health, government facilities, and critical manufacturing.