Posts Tagged ‘CISA’

CISA adds WatchGuard flaw to its Known Exploited Vulnerabilities Catalog

The U.S. CISA added the  CVE-2022-23176  flaw in WatchGuard Firebox and XTM appliances to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the  CVE-2022-23176  flaw in WatchGuard Firebox and XTM appliances to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, […]

Leave a Comment

CISA and DoE warns of attacks targeting UPS devices

The US CISA and the Department of Energy issued guidance on mitigating attacks against uninterruptible power supply (UPS) devices. The US Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Energy published joint guidance on mitigating cyber attacks against uninterruptible power supply (UPS) devices. The US agencies warn of threat actors gaining access to […]

Leave a Comment

CISA adds 15 new flaws to the Known Exploited Vulnerabilities Catalog

The US Cybersecurity and Infrastructure Security Agency (CISA) added 15 new flaws to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added 15 vulnerabilities to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the […]

Leave a Comment

CISA urges to fix actively exploited Firefox zero-days by March 21

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added recently disclosed Firefox zero-days to its Known Exploited Vulnerabilities Catalog. The Cybersecurity and Infrastructure Security Agency (CISA) added two critical security vulnerabilities in Mozilla firefox, tracked as  CVE-2022-26485  and  CVE-2022-26486 , to its Known Exploited Vulnerabilities Catalog. The US agency has ordered federal civilian agencies to address […]

Leave a Comment

CISA compiled a list of free cybersecurity tools and services

The U.S. CISA has created a list of free cybersecurity tools and services that can help organizations increase their resilience. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced this week that it has compiled a list of free cybersecurity tools and services that can help organizations to reduce cybersecurity risk and increase resilience. The […]

Leave a Comment

CISA adds 8 new vulnerabilities to its Known Exploited Vulnerabilities Catalog

The US Cybersecurity & Infrastructure Security Agency (CISA) has added eight more flaws to the Known Exploited Vulnerabilities Catalog. The ‘Known Exploited Vulnerabilities Catalog‘ is a list of known vulnerabilities that threat actors have abused in attacks and that are required to be addressed by Federal Civilian Executive Branch (FCEB) agencies. According to Binding Operational Directive (BOD) […]

Leave a Comment

CISA adds Log4Shell Log4j flaw to the Known Exploited Vulnerabilities Catalog

CISA adds Log4Shell Log4j flaw to the Known Exploited Vulnerabilities Catalog The U.S. CISA added 13 new vulnerabilities to the Known Exploited Vulnerabilities Catalog, including Apache Log4Shell Log4j and Fortinet FortiOS issues. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 13 new vulnerabilities to the Known Exploited Vulnerabilities Catalog, including recently disclosed Apache Log4Shell Log4j and Fortinet FortiOS flaws. […]

Comments (1)

CISA releases incident response plans for federal agencies

The Cybersecurity and Infrastructure Security Agency (CISA) has released new cybersecurity response plans for federal civilian executive branch (FCEB) agencies (” Federal Government Cybersecurity Incident and Vulnerability Response Playbooks“). The documents aim at developing a standard set of operational procedures (i.e., playbook) to be used in planning and conducting cybersecurity vulnerability and incident response activity for […]

Leave a Comment

CISA recommends vendors to fix BrakTooth issues after the release of PoC tool

US CISA is urging vendors to address BrakTooth flaws after security researchers have released public exploit code and a proof of concept tool to test Bluetooth devices against potential Bluetooth exploits. “On November 1, 2021, researchers publicly released a BrakTooth proof-of-concept (PoC) tool to test Bluetooth-enabled devices against potential Bluetooth exploits using the researcher’s software tools. BrakTooth—originally disclosed in […]

Leave a Comment

CISA releases Insider Risk Mitigation Self-Assessment Tool

The US CISA has released a new tool that allows to assess the level of exposure of organizations to insider threats and devise their own defense plans against such risks. The US Cybersecurity and Infrastructure Security Agency (CISA) has released the Insider Risk Mitigation Self-Assessment Tool, a new tool that allows organizations to assess their level […]

Leave a Comment

CISA launches US federal vulnerability disclosure platform

“Through this crowdsourcing platform, Federal Civilian Executive Branch (FCEB) agencies will now be able to coordinate with the security research community in a streamlined fashion and those reporting incidents enjoy a single, usable website to facilitate submission of findings. The platform encourages collaboration and information sharing between the public and private sectors by allowing uniquely […]

Leave a Comment