Categoria: CISA

US Gov Expects Widespread Exploitation of Atlassian Confluence Vulnerability

us-gov-expects-widespread-exploitation-of-atlassian-confluence-vulnerability

CISA, FBI, and MS-ISAC warn of potential widespread exploitation of CVE-2023-22515, a critical vulnerability in Atlassian Confluence.

The post US Gov Expects Widespread Exploitation of Atlassian Confluence Vulnerability appeared first on SecurityWeek.

CISA Now Flagging Vulnerabilities, Misconfigurations Exploited by Ransomware

cisa-now-flagging-vulnerabilities,-misconfigurations-exploited-by-ransomware

CISA is now flagging vulnerabilities and misconfigurations that are known to be exploited in ransomware attacks.

The post CISA Now Flagging Vulnerabilities, Misconfigurations Exploited by Ransomware appeared first on SecurityWeek.

CISA Reverses Course on Malicious Exploitation of Video Conferencing Device Flaws

cisa-reverses-course-on-malicious-exploitation-of-video-conferencing-device-flaws

CISA has removed from its KEV catalog five Owl Labs video conferencing flaws that require the attacker to be in Bluetooth range.

The post CISA Reverses Course on Malicious Exploitation of Video Conferencing Device Flaws appeared first on SecurityWeek.

Government Shutdown Could Bench 80% of CISA Staff

government-shutdown-could-bench-80%-of-cisa-staff

Roughly 80% of CISA staff will be sent home at the end of the week in case of a government shutdown.

The post Government Shutdown Could Bench 80% of CISA Staff appeared first on SecurityWeek.

CISA Unveils New HBOM Framework to Track Hardware Components

cisa-unveils-new-hbom-framework-to-track-hardware-components

CISA unveils a new Hardware Bill of Materials (HBOM) framework for buyers and sellers to communicate about components in physical products.

The post CISA Unveils New HBOM Framework to Track Hardware Components appeared first on SecurityWeek.

Faster Patching Pace Validates CISA’s KEV Catalog Initiative

faster-patching-pace-validates-cisa’s-kev-catalog-initiative

CISA says Known Exploited Vulnerabilities Catalog has helped federal agencies significantly accelerate their vulnerability remediation pace.

The post Faster Patching Pace Validates CISA’s KEV Catalog Initiative appeared first on SecurityWeek.

CISA Releases New Identity and Access Management Guidance

cisa-releases-new-identity-and-access-management-guidance

CISA has released new guidance on how federal agencies can integrate identity and access management into their ICAM architecture.

The post CISA Releases New Identity and Access Management Guidance appeared first on SecurityWeek.

US Agencies Publish Cybersecurity Report on Deepfake Threats

us-agencies-publish-cybersecurity-report-on-deepfake-threats

CISA, FBI and NSA have published a cybersecurity report on deepfakes and recommendations for identifying and responding to such threats.

The post US Agencies Publish Cybersecurity Report on Deepfake Threats appeared first on SecurityWeek.

US Aeronautical Organization Hacked via Zoho, Fortinet Vulnerabilities

us-aeronautical-organization-hacked-via-zoho,-fortinet-vulnerabilities

APTs exploited vulnerabilities in Zoho ManageEngine and Fortinet VPNs to hack an aerospace organization in early January 2023.

The post US Aeronautical Organization Hacked via Zoho, Fortinet Vulnerabilities appeared first on SecurityWeek.

CISA Releases Guidance on Adopting DDoS Mitigations

cisa-releases-guidance-on-adopting-ddos-mitigations

CISA has released new guidance to help federal agencies decide upon and prioritize DDoS mitigations based on mission and reputational impact.

The post CISA Releases Guidance on Adopting DDoS Mitigations appeared first on SecurityWeek.