CISA Expands Vulnerabilities Catalog With Old, Exploited Flaws

The Cybersecurity and Infrastructure Security Agency (CISA) added six known flaws to its Known Exploited Vulnerabilities Catalog on September 15, 2022. “These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose a significant risk to the federal enterprise,” the Agency wrote. The six issues include three that affect the

CISA, NSA and npm Release Software Supply Chain Guidance

The US government has issued new guidance for developers designed to improve the security of the software supply chain, and in so doing make the nation’s critical infrastructure more resilient. The document, Securing the Software Supply Chain for Developers, was published by the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and the

CISA Releases Guidelines to Aid Companies Transition to Post-quantum Cryptography

The Cybersecurity and Infrastructure Security Agency (CISA) has released an Insight document named ‘Preparing Critical Infrastructure for Post-Quantum Cryptography.’ The resource aims to provide an overview of the potential impacts of quantum computing on National Critical Functions (NCFs), alongside recommended actions critical infrastructure and government network owners and operators should take to prepare for the

CISA Adds Palo Alto Networks’ PAN-OS Vulnerability to Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw affecting Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities Catalog on Monday. Tracked as CVE-2022-0028, the vulnerability has a CVSS score of 8.6 and is based on the misconfiguration of the PAN-OS URL filtering policy, which could allow a network-based unauthenticated attacker to perform

CISA Warns of Hackers Exploiting Multiple Vulnerabilities in the Zimbra Collaboration Suite

The Cybersecurity and Infrastructure Security Agency (CISA) has published a new advisory warning of threat actors actively exploiting five different vulnerabilities in the Zimbra Collaboration Suite (ZCS). The document was compiled in collaboration with the Multi-State Information Sharing & Analysis Center (MS-ISAC) and explains how threat actors may be targeting unpatched ZCS instances in both

#DEFCON: CISA Director Praises Congress and International Cybersecurity Cooperation

Jen Easterly, director of the United States’ Cybersecurity and Infrastructure Agency (CISA), is on a mission to enlist security professionals to help defend the free world. In a session at the DEFCON 30 security conference in Las Vegas, USA, Easterly was joined by DEFCON founder Jeff Moss to discuss the role and progress of CISA in

CISA Unveils Cybersecurity Toolkit to Shield U.S. Elections From Hackers

The US Cybersecurity and Infrastructure Security Agency (CISA) has compiled and released a list of free cybersecurity tools for the election community. CISA released the toolkit through the Joint Cyber Defense Collaborative (JCDC) with the goal of helping state entities and companies step up their cybersecurity efforts and improve the cyber resilience of US election infrastructure.

CISA releases IOCs for attacks exploiting Log4Shell in VMware Horizon and UAG

The US Cybersecurity and Infrastructure Security Agency (CISA) has been investigating attacks exploiting the Log4Shell vulnerability in third-party products like VMware Horizon and Unified Access Gateway (UAG). The agency published indicators of compromise (IOCs) collected from incidents it investigated as recently as June, highlighting the long-lasting impact of this vulnerability that’s over six months old.