Security News
The Cybersecurity and Infrastructure Security Agency today launched a new vulnerability disclosure policy platform for US federal civilian agencies. The newly launched VDP platform service allows Federal Civilian Executive Branch agencies to identify, monitor, and close security gaps in critical systems with the help of ethical hackers worldwide.
In a perfect world, CISA would laminate cards with the year's top 30 vulnerabilities: You could whip one out and ask a business if they've bandaged these specific wounds before you hand over your cash. According to the advisory, attackers are unlikely to stop coming after geriatric vulnerabilities, including CVE-2017-11882: a Microsoft Office remote code execution bug that was already near drinking age when it was patched at the age of 17 in 2017.
The overall mission of CISCP is to build cybersecurity resiliency and to harden the defenses of the U.S. and its strategic partners. Through analyst-to-analyst sharing of threat and vulnerability information, CISCP helps partners manage cybersecurity risks and enhances the collective ability to proactively detect, prevent, mitigate, respond to and recover from cybersecurity incidents.
The U.S. Cybersecurity and Infrastructure Security Agency on Wednesday released analysis reports for 13 malware samples discovered on Pulse Secure devices that were compromised in recent attacks. CISA warned in April that threat actors had been exploiting four vulnerabilities - including one zero-day flaw tracked as CVE-2021-22893 - in Pulse Connect Secure VPN appliances offered by Pulse Secure, a company that was acquired last year by Ivanti.
The U.S. Cybersecurity and Infrastructure Security Agency released an alert today about more than a dozen malware samples found on exploited Pulse Secure devices that are largely undetected by antivirus products. Today, CISA published analysis reports for 13 malware pieces, some of them composed of multiple files, found on compromised Pulse Secure devices.
CISA says multiple threat actors are exploiting the Windows 'PrintNightmare' vulnerability. The United States Cybersecurity and Infrastructure Security Agency on Tuesday issued Emergency Directive 21-04, which requires all federal agencies to apply the available patches for the recently disclosed Microsoft Print Spooler service vulnerability within one week.
A new emergency directive issued by the Cybersecurity and Infrastructure Security Agency orders federal agencies to mitigate the actively exploited Windows Print Spooler vulnerability on their networks. CISA issued Emergency Directive 21-04 after Microsoft released security updates on Friday to address the vulnerability dubbed PrintNightmare in all supported Windows versions.
Jen Easterly, former NSA official and Morgan Stanley vet, will take up the lead at CISA as the ransomware scourge rages on. The U.S. has made a key move to shore up its cybersecurity strategy, with the confirmation of Jen Easterly as the director of the Cybersecurity and Infrastructure Security Agency on Monday.
The United States Cybersecurity and Infrastructure Security Agency has published the results of the Risk and Vulnerability Assessments it conducted in fiscal year 2020, revealing some of the security weaknesses that impact government and critical infrastructure organizations. CISA conducted a total of 37 RVAs, leveraging the MITRE ATT&CK framework to provide a better understanding of risks and help organizations remediate weaknesses that threat actors might abuse in live attacks to compromise network security controls.
The U.S. Cybersecurity and Infrastructure Security Agency on Tuesday published an advisory to inform organizations about a total of 15 vulnerabilities affecting Philips Vue healthcare products. The flaws, many of which exist in third-party components, affect several Philips Clinical Collaboration Platform Portal products, including MyVue, Vue Speech and Vue Motion, CISA said.