Security News

Head of the U.S. government's cybersecurity agency Jen Easterly introduced herself to the hacking community Thursday with a pledge to pursue transparent data sharing with the private sector and a call for "An ambitious national effort" to solve the cybersecurity skills shortage. In a carefully crafted video keynote at the annual Black Hat conference, the CISA director announced a new Joint Cyber Defense Collaborative to bring together federal agencies with big-tech players to manage the barrage of ransomware and supply chain attacks.

CISA has announced the launch of Joint Cyber Defense Collaborative, a partnership across public and private sectors focused on defending US critical infrastructure from ransomware and other cyber threats. The new initiative's goal is to allow CISA to develop cyber defense plans in collaboration with federal agencies, SLTT partners, and private sector orgs for national resilience against malicious cyber activity targeting critical infrastructure.

New guidance from the United States Cybersecurity and Infrastructure Security Agency and the National Security Agency provides information on the steps that administrators can take to minimize risks associated with Kubernetes deployments. An open source container orchestration system for deploying and managing applications in containers, Kubernetes is often deployed in cloud environments.

The National Security Agency and the Cybersecurity and Infrastructure Security Agency have published comprehensive recommendations for strengthening the security of an organization's Kubernetes system. To help companies make their Kubernetes environment more difficult to compromise, the NSA and CISA released a 52-page cybersecurity technical report that offers guidance for admins to manage Kubernetes securely.

Bug hunters who want to help the US federal government secure their online assets can now source all the relevant information from a vulnerability disclosure policy platform offered by the Cybersecurity and Infrastructure Security Agency. "Through this crowdsourcing platform, Federal Civilian Executive Branch agencies will now be able to coordinate with the security research community in a streamlined fashion and those reporting incidents enjoy a single, usable website to facilitate submission of findings. The platform encourages collaboration and information sharing between the public and private sectors by allowing uniquely skilled researchers to submit vulnerability reports, which agencies will use to understand and address vulnerabilities that were previously unidentified," Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA, explained.

The Cybersecurity and Infrastructure Security Agency today launched a new vulnerability disclosure policy platform for US federal civilian agencies. The newly launched VDP platform service allows Federal Civilian Executive Branch agencies to identify, monitor, and close security gaps in critical systems with the help of ethical hackers worldwide.

In a perfect world, CISA would laminate cards with the year's top 30 vulnerabilities: You could whip it out and ask a business if they've bandaged these specific wounds before you hand over your cash. According to the advisory, attackers are unlikely to stop coming after geriatric vulnerabilities, including CVE-2017-11882: a Microsoft Office remote code execution bug that was already near drinking age when it was patched at the age of 17 in 2017.

The overall mission of CISCP is to build cybersecurity resiliency and to harden the defenses of the U.S. and its strategic partners. Through analyst-to-analyst sharing of threat and vulnerability information, CISCP helps partners manage cybersecurity risks and enhances the collective ability to proactively detect, prevent, mitigate, respond to and recover from cybersecurity incidents.

The U.S. Cybersecurity and Infrastructure Security Agency on Wednesday released analysis reports for 13 malware samples discovered on Pulse Secure devices that were compromised in recent attacks. CISA warned in April that threat actors had been exploiting four vulnerabilities - including one zero-day flaw tracked as CVE-2021-22893 - in Pulse Connect Secure VPN appliances offered by Pulse Secure, a company that was acquired last year by Ivanti.

The U.S. Cybersecurity and Infrastructure Security Agency released an alert today about more than a dozen malware samples found on exploited Pulse Secure devices that are largely undetected by antivirus products. Today, CISA published analysis reports for 13 malware pieces, some of them comprised of multiple files, found on compromised Pulse Secure devices.