Tag: CISA


Security

How you may be affected by the new proposed Critical Infrastructure Cyber Incident Reporting Rule

May 15, 2024

Via: CSO Online

Creating a world that is safer and more secure is core to our vision at Palo Alto Networks, but this only can be achieved if we’re collectively making the internet, as a whole, safer. To do this requires more widespread […]


Security

Understanding CISA’s proposed cyber incident reporting rules

April 17, 2024

Via: CSO Online

CISA’s massive rulemaking will create the first US cyber incident and ransomware payment reporting mechanism that promises to radically overhaul the workloads of most cybersecurity professionals. In the wake of a string of high-profile cyber incidents, capped by a crippling […]


Security

US government agencies ordered to take Ivanti VPN products offline

February 2, 2024

Via: CSO Online

In January, Ivanti alerted customers that hackers were exploiting two zero-day vulnerabilities in its Ivanti Connect Secure and Ivanti Policy Secure. This week the company revealed that two other vulnerabilities were discovered in the meantime, with one already being exploited […]


Security

CISA adds patched MS SharePoint server vulnerability to KEV catalog

January 12, 2024

Via: CSO Online

A patched privilege escalation vulnerability impacting Microsoft SharePoint servers has been added to the known exploited vulnerabilities (KEV) catalog of the US Cybersecurity and Infrastructure Security Agency (CISA). Citing evidence of active exploitation, CISA has tagged the critical severity bug […]


Security

Cisco patches serious flaws in Firepower and Identity Services Engine

November 6, 2023

Via: CSO Online

Cisco released several patches for high and critical vulnerabilities affecting several products like its Firepower network security devices, Identity Services Engine (ISE) network access control platform, and Adaptive Security Appliance (ASA). The US Cybersecurity and Infrastructure Security Agency (CISA) issued […]


Security

Cryptography at the Heart of Cybersecurity: State and Local Governments Lead the Charge

October 12, 2023

Via: The Fast Mode

At the beginning of August, the Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Emergency Management Agency (FEMA) announced a partnership to allocate $374.9 million in grants to strengthen state and local cybersecurity initiatives. This represents a crucial pivot […]


Security

CISA updates zero trust maturity model to provide an easier launch

April 17, 2023

Via: CSO Online

The United States Cybersecurity and Infrastructure Security Agency (CISA) has published its Zero Trust Maturity Model (ZTMM) version 2, which incorporates recommendations from public comments it received on its first version of ZTMM. “CISA has been acutely focused on guiding […]


Security, Software, Technology

CISA warns of critical flaws in ICS and SCADA software from multiple vendors

April 7, 2023

Via: CSO

The US Cybersecurity and Infrastructure Security Agency (CISA) published seven advisories this week covering vulnerabilities in industrial control systems (ICS) and supervisory control and data acquisition (SCADA) software from multiple vendors. Some of the flaws are rated critical and two […]


Security

CISA kicks off ransomware vulnerability pilot to help spot ransomware-exploitable flaws

March 20, 2023

Via: CSO

Last week, the US Cybersecurity and Infrastructure Security Agency (CISA) announced the launch of the Ransomware Vulnerability Warning Pilot (RVWP) program to “proactively identify information systems that contain security vulnerabilities commonly associated with ransomware attacks.” Once the program identifies vulnerable […]


Security

Software liability reform is liable to push us off a cliff

March 2, 2023

Via: CSO

Like “SBOMs will solve everything,” there is a regular cry to reform software liability, specifically in the case of products with insecurities and vulnerabilities. US Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly’s comments this week brought the topic […]


Security

CISA releases cybersecurity performance goals to reduce risk and impact of adversarial threats

October 31, 2022

Via: CSO

Last week, the US Cybersecurity and Infrastructure Security Agency (CISA) released voluntary cross-sector Cybersecurity Performance Goals (CPGs). CISA was required to produce the CPGs under a national security memo on improving cybersecurity for critical infrastructure control systems issued by President […]


Security

CISA, NSA publish report on O-RAN security considerations

September 19, 2022

Via: RCR Wireless News

The Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), through the Enduring Security Framework (ESF), have published a paper about the security considerations in regards to the implementation of Open RAN (O-RAN) architecture. The ESF’s Open RAN […]


Security

U.S. government proposals spell out 5G security advancements

May 31, 2022

Via: CSO

Last week the U.S. federal government introduced a proposed five-step 5G Security Evaluation Process Investigation. “[It] was developed to address gaps in existing security assessment guidance and standards that arise from the new features and services in 5G technologies,” Eric […]


Security

Practical Steps for Responding to the CISA Warning on Russian Cyber Attacks

March 24, 2022

Via: CSO

On February 25, 2022, two days after Russia began its military invasion of Ukraine, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) issued a rare ‘Shields Up’ warning for U.S.-based organizations, stating: “Every organization—large and small—must be prepared to respond […]


Software, Technology

Tech sector embraces public-private collaboration on open-source software security

January 18, 2022

Via: CSO

Hoping to foster improved security of open-source software, the White House hosted a meeting last week with some of the largest public and private users and maintainers of open-source software. Widely used open-source software “brings unique value, and has unique […]


Monitoring&Analysis, Security

Remote Work Opens Up New Vulnerabilities

February 8, 2021

Via: CSO

With most companies forced to transition to remote work, even employees far removed from IT are now actively relying on VPN gateways to secure interactions with co-workers, partners, and clients. That kind of change was hardly going to evade the […]


Monitoring&Analysis, Security

Biden administration brings expertise, new attitude to cybersecurity

February 4, 2021

Via: CSO

The Biden administration has hit the ground running on cybersecurity, reportedly getting ready to nominate what some have called a “world-class” cybersecurity team of officials and prioritizing efforts to tackle the worst hack in US history, the SolarWinds breach. The […]


Monitoring&Analysis, Security

A New Day for Critical Infrastructure Security & Resilience

November 27, 2019

Via: Cisco Blog

It’s a new Day for National Critical Infrastructure Security and Resilience. While November is recognized as the month focused on this issue in the U.S., for some time, digital transformation has widened the aperture of our lens dramatically. This year, […]