Security News

US cybersecurity agency CISA is urging high-risk chemical facilities to secure their online accounts after someone broke into its Chemical Security Assessment Tool portal. Essentially, it's used to determine which facilities are deemed high risk under Chemical Facility Anti-Terrorism Standards regulations.

CISA is warning that its Chemical Security Assessment Tool environment was breached in January after hackers deployed a webshell on its Ivanti device, potentially exposing sensitive security assessments and plans. While CISA would not share details about the incident, The Record's sources said it was the Infrastructure Protection Gateway and Chemical Security Assessment Tool.

The U.S. Cybersecurity and Infrastructure Security Agency has added a high-severity Windows vulnerability abused in ransomware attacks as a zero-day to its catalog of actively exploited security bugs. Successful exploitation lets local attackers gain SYSTEM permissions in low-complexity attacks that don't require user interaction.

Today, the Cybersecurity and Infrastructure Security Agency warned that criminals are impersonating its employees in phone calls and attempting to deceive potential victims into transferring money. Those who suspect they're on the receiving end of a scam phone call where a criminal claims to be a CISA employee should never give in to their demands to send money, write down their phone number, and immediately hang up.

Please turn on your JavaScript for this page to function normally. CISA's late April AI and infrastructure guidelines address 16 sectors along with their cybersecurity needs and operations concerning the growth of AI as a tool to build both federal and vendor cybersecurity infrastructure in the federal marketplace.

The U.S. Cybersecurity & Infrastructure Security Agency has added two vulnerabilities in its Known Exploited Vulnerabilities catalog, including a Linux kernel privilege elevation flaw. In late March 2024, a security researcher using the alias 'Notselwyn' published a detailed write-up and proof-of-concept exploit on GitHub, showcasing how to achieve local privilege escalation by exploiting the flaw on Linux kernel versions between 5.14 and 6.6.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Linux kernel to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting Apache Flink, the open-source, unified stream-processing and batch-processing...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a security flaw impacting NextGen Healthcare Mirth Connect to its Known Exploited Vulnerabilities (KEV) catalog,...

The U.S. Cybersecurity & Infrastructure Security Agency has added three security vulnerabilities to its 'Known Exploited Vulnerabilities' catalog, one impacting Google Chrome and two affecting some D-Link routers. Two days after disclosing CVE-2024-4761 Google announced that another vulnerability in Chrome's V8 engine has been exploited in the wild, but CISA has yet to add it to the KEV catalog.