Security News

CISA director: US is 'not afraid' to shout about Big Tech's security failings
2024-07-01 09:35

CISA looked at C/C++ projects and found a lot of C/C++ code. Wanna redo any of it in Rust?
2024-06-28 20:55

CISA: Most critical open source projects not using memory safe code
2024-06-26 17:56

The U.S. Cybersecurity and Infrastructure Security Agency has published research looking into 172 key open-source projects and whether they are susceptible to memory flaws. The report, cosigned by CISA, the Federal Bureau of Investigation, as well as Australian and Canadian organizations, is a follow-up to the 'Case for Memory Safe Roadmaps' released in December 2023, aimed at raising awareness about the importance of memory-safe code.

CISA says crooks used Ivanti bugs to snoop around high-risk chemical facilities
2024-06-25 13:45

US cybersecurity agency CISA is urging high-risk chemical facilities to secure their online accounts after someone broke into its Chemical Security Assessment Tool portal. Essentially, the portal is used to determine which facilities are deemed high risk under Chemical Facility Anti-Terrorism Standards regulations.

Chemical facilities warned of possible data theft in CISA CSAT breach
2024-06-24 20:53

CISA is warning that its Chemical Security Assessment Tool environment was breached in January after hackers deployed a webshell on its Ivanti device, potentially exposing sensitive security assessments and plans. While CISA would not share details about the incident, The Record's sources said it was the Infrastructure Protection Gateway and Chemical Security Assessment Tool.

CISA warns of Windows bug exploited in ransomware attacks
2024-06-14 16:39

The U.S. Cybersecurity and Infrastructure Security Agency has added a high-severity Windows vulnerability abused in ransomware attacks as a zero-day to its catalog of actively exploited security bugs. Successful exploitation lets local attackers gain SYSTEM permissions in low-complexity attacks that don't require user interaction.

CISA warns of criminals impersonating its employees in phone calls
2024-06-12 17:58

Today, the Cybersecurity and Infrastructure Security Agency warned that criminals are impersonating its employees in phone calls and attempting to deceive potential victims into transferring money. Those who suspect they're on the receiving end of a scam phone call where a criminal claims to be a CISA employee should never give in to demands to send money; they should write down the caller's phone number and immediately hang up.

Unpacking CISA’s AI guidelines
2024-06-07 04:00

CISA's late April AI and infrastructure guidelines address 16 sectors along with their cybersecurity needs and operations concerning the growth of AI as a tool to build both federal and vendor cybersecurity infrastructure in the federal marketplace.

CISA warns of actively exploited Linux privilege elevation flaw
2024-05-31 19:30

The U.S. Cybersecurity & Infrastructure Security Agency has added two vulnerabilities to its Known Exploited Vulnerabilities catalog, including a Linux kernel privilege elevation flaw. In late March 2024, a security researcher using the alias 'Notselwyn' published a detailed write-up and proof-of-concept exploit on GitHub, showcasing how to achieve local privilege escalation by exploiting the flaw on Linux kernel versions between 5.14 and 6.6.

CISA Alerts Federal Agencies to Patch Actively Exploited Linux Kernel Flaw
2024-05-30 17:45

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Linux kernel to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence...