Security News

CISA: Don’t use single-factor auth on Internet-exposed systems
2021-08-30 17:10

CISA's Bad Practices catalog includes practices the federal agency has deemed "exceptionally risky" and not to be used by organizations in the government and the private sector, as they expose them to an unnecessary risk of having their systems compromised by threat actors. These dangerous practices are "especially egregious" on Internet-exposed systems that threat actors could target and compromise remotely.

CISA warns admins to urgently patch Exchange ProxyShell bugs
2021-08-23 14:49

The US Cybersecurity and Infrastructure Security Agency issued its first alert tagged as "urgent," warning admins to patch on-premises Microsoft Exchange servers against actively exploited ProxyShell vulnerabilities. "Malicious cyber actors are actively exploiting the following ProxyShell vulnerabilities: CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207," CISA warned over the weekend.

CISA shares guidance on how to prevent ransomware data breaches
2021-08-19 12:00

The US Cybersecurity and Infrastructure Security Agency has released guidance to help government and private sector organizations prevent data breaches resulting from ransomware double extortion schemes. "All organizations are at risk of falling victim to a ransomware incident and are responsible for protecting sensitive and personal data stored on their systems."

CISA: BadAlloc impacts critical infrastructure using BlackBerry QNX
2021-08-17 18:16

CISA today warned that IoT and OT security flaws known as BadAlloc impact BlackBerry's QNX Real Time Operating System used by critical infrastructure organizations. BlackBerry QNX powers critical infrastructure systems.

Black Hat: New CISA Head Woos Crowd With Public-Private Task Force
2021-08-05 23:40

LAS VEGAS - Just weeks after the U.S. Senate confirmed Jen Easterly to lead the Cybersecurity and Infrastructure Security Agency, the new director spoke at Black Hat USA 2021 on Thursday, albeit virtually, announcing a major public-private partnership to fight cybercrime. Easterly replaced CISA acting director Brandon Wales after the agency's founder and former director Christopher Krebs was fired by former President Trump in 2020.

Black Hat 2021: New CISA Boss Unveils Anti-Ransomware Collab With Big Tech
2021-08-05 22:30

Head of the U.S. government's cybersecurity agency Jen Easterly introduced herself to the hacking community Thursday with a pledge to pursue transparent data sharing with the private sector and a call for "an ambitious national effort" to solve the cybersecurity skills shortage. In a carefully crafted video keynote at the annual Black Hat conference, the CISA director announced a new Joint Cyber Defense Collaborative to bring together federal agencies with big-tech players to manage the barrage of ransomware and supply chain attacks.

CISA teams up with Microsoft, Google, Amazon to fight ransomware
2021-08-05 21:05

CISA has announced the launch of Joint Cyber Defense Collaborative, a partnership across public and private sectors focused on defending US critical infrastructure from ransomware and other cyber threats. The new initiative's goal is to allow CISA to develop cyber defense plans in collaboration with federal agencies, SLTT partners, and private sector orgs for national resilience against malicious cyber activity targeting critical infrastructure.

New CISA and NSA Guidance Details Steps to Harden Kubernetes Systems
2021-08-04 13:56

New guidance from the United States Cybersecurity and Infrastructure Security Agency and the National Security Agency provides information on the steps that administrators can take to minimize risks associated with Kubernetes deployments. An open source container orchestration system for deploying and managing applications in containers, Kubernetes is often deployed in cloud environments.

NSA and CISA share Kubernetes security recommendations
2021-08-04 05:02

The National Security Agency and the Cybersecurity and Infrastructure Security Agency have published comprehensive recommendations for strengthening the security of an organization's Kubernetes system. To help companies make their Kubernetes environment more difficult to compromise, the NSA and CISA released a 52-page cybersecurity technical report that offers guidance for admins to manage Kubernetes securely.

CISA launches US federal vulnerability disclosure platform
2021-08-02 08:43

Bug hunters who want to help the US federal government secure their online assets can now source all the relevant information from a vulnerability disclosure policy platform offered by the Cybersecurity and Infrastructure Security Agency. "Through this crowdsourcing platform, Federal Civilian Executive Branch agencies will now be able to coordinate with the security research community in a streamlined fashion and those reporting incidents enjoy a single, usable website to facilitate submission of findings. The platform encourages collaboration and information sharing between the public and private sectors by allowing uniquely skilled researchers to submit vulnerability reports, which agencies will use to understand and address vulnerabilities that were previously unidentified," Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA, explained.