Top
item
Advertisement

Tag: CISA


Security

Understanding CISA’s proposed cyber incident reporting rules

April 17, 2024

Via: CSO Online

CISA’s massive rulemaking will create the first US cyber incident and ransomware payment reporting mechanism that promises to radically overhaul the workloads of most cybersecurity professionals. In the wake of a string of high-profile cyber incidents, capped by a crippling […]


Security

US government agencies ordered to take Ivanti VPN products offline

February 2, 2024

Via: CSO Online

In January, Ivanti alerted customers that hackers were exploiting two zero-day vulnerabilities in its Ivanti Connect Secure and Ivanti Policy Secure. This week the company revealed that two other vulnerabilities were discovered in the meantime, with one already being exploited […]


Security

CISA adds patched MS SharePoint server vulnerability to KEV catalog

January 12, 2024

Via: CSO Online

A patched privilege escalation vulnerability impacting Microsoft SharePoint servers has been added to the known exploited vulnerabilities (KEV) catalog of the US Cybersecurity and Infrastructure Security Agency (CISA). Citing evidence of active exploitation, CISA has tagged the critical severity bug […]


Security

Cisco patches serious flaws in Firepower and Identity Services Engine

November 6, 2023

Via: CSO Online

Cisco released several patches for high and critical vulnerabilities affecting several products like its Firepower network security devices, Identity Services Engine (ISE)) network access control platform, and Adaptive Security Appliance (ASA). The US Cybersecurity and Infrastructure Security Agency (CISA) issued […]


Security

Cryptography at the Heart of Cybersecurity: State and Local Governments Lead the Charge

October 12, 2023

Via: The Fast Mode

At the beginning of August, the Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Emergency Management Agency (FEMA) announced a partnership to allocate $374.9 million in grants to strengthen state and local cybersecurity initiatives. This represents a crucial pivot […]


Security

CISA updates zero trust maturity model to provide an easier launch

April 17, 2023

Via: CSO Online

The United States Cybersecurity and Infrastructure Security Agency (CISA) has published its Zero Trust Maturity Model (ZTMM) version 2, which incorporates recommendations from public comments it received on its first version of ZTMM. “CISA has been acutely focused on guiding […]


Security, Software, Technology

CISA warns of critical flaws in ICS and SCADA software from multiple vendors

April 7, 2023

Via: CSO

The US Cybersecurity and Infrastructure Security Agency (CISA) published seven advisories this week covering vulnerabilities in industrial control systems (ICS) and supervisory control and data acquisition (SCADA) software from multiple vendors. Some of the flaws are rated critical and two […]


Security

CISA kicks off ransomware vulnerability pilot to help spot ransomware-exploitable flaws

March 20, 2023

Via: CSO

Last week, the US Cybersecurity and Infrastructure Security Agency (CISA) announced the launch of the Ransomware Vulnerability Warning Pilot (RVWP) program to “proactively identify information systems that contain security vulnerabilities commonly associated with ransomware attacks.” Once the program identifies vulnerable […]


Security

Software liability reform is liable to push us off a cliff

March 2, 2023

Via: CSO

Like “SBOMs will solve everything,” there is a regular cry to reform software liability, specifically in the case of products with insecurities and vulnerabilities. US Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly’s comments this week brought the topic […]


Security

CISA releases cybersecurity performance goals to reduce risk and impact of adversarial threats

October 31, 2022

Via: CSO

Last week, the US Cybersecurity and Infrastructure Security Agency (CISA) released voluntary cross-sector Cybersecurity Performance Goals (CPGs). CISA was required to produce the CPGs under a national security memo on improving cybersecurity for critical infrastructure control systems issued by President […]


Security

CISA, NSA publish report on O-RAN security considerations

September 19, 2022

Via: RCR Wireless News

The Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), through the Enduring Security Framework (ESF), have published a paper about the security considerations in regards to the implementation of Open RAN (O-RAN) architecture. The ESF’s Open RAN […]


Security

U.S. government proposals spell out 5G security advancements

May 31, 2022

Via: CSO

Last week the U.S. federal government introduced a proposed five-step 5G Security Evaluation Process Investigation. “[It] was developed to address gaps in existing security assessment guidance and standards that arise from the new features and services in 5G technologies,” Eric […]


Security

Practical Steps for Responding to the CISA Warning on Russian Cyber Attacks

March 24, 2022

Via: CSO

On February 25, 2022, two days after Russia began its military invasion of Ukraine, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) issued a rare ‘Shields Up’ warning for U.S.-based organizations, stating: “Every organization—large and small—must be prepared to respond […]


Software, Technology

Tech sector embraces public-private collaboration on open-source software security

January 18, 2022

Via: CSO

Hoping to foster improved security of open-source software, the White House hosted a meeting last week with some of the largest public and private users and maintainers of open-source software. Widely used open-source software “brings unique value, and has unique […]


Monitoring&Analysis, Security

Remote Work Opens Up New Vulnerabilities

February 8, 2021

Via: CSO

With most companies forced to transition to remote work, even employees far removed from IT are now actively relying on VPN gateways to secure interactions with co-workers, partners, and clients. That kind of change was hardly going to evade the […]


Monitoring&Analysis, Security

Biden administration brings expertise, new attitude to cybersecurity

February 4, 2021

Via: CSO

The Biden administration has hit the ground running on cybersecurity, reportedly getting ready to nominate what some have called a “world-class” cybersecurity team of officials and prioritizing efforts to tackle the worst hack in US history, the SolarWinds breach. The […]


Monitoring&Analysis, Security

A New Day for Critical Infrastructure Security & Resilience

November 27, 2019

Via: Cisco Blog

It’s a new Day for National Critical Infrastructure Security and Resilience. While November is recognized as the month focused on this issue in the U.S., for some time, digital transformation has widened the aperture of our lens dramatically. This year, […]