cisa
Getting rid of a 20+ year old known vulnerability: It’s like a PSA for Runtime Security
On Wednesday, March 27, CISA and the FBI issued a cry for help: We need to stamp out SQL injection vulnerabilities, and we need to do it yesterday, they said in a ...
Irony of Ironies: CISA Hacked — ‘by China’
Free rides and traffic jams: U.S. Cybersecurity and Infrastructure Security Agency penetrated in February, via vuln in Ivanti ...
CISA Warns Phobos Ransomware Groups Attacking Critical Infrastructure
Phobos, a complex ransomware-as-a-service (RaaS) operation that has been around for five years and is includes multiple variants, continues to target a range of critical infrastructure in the United States, including education, ...
Volt Typhoon Malware: US Critical Infrastructure Breached
In a recent revelation, the U.S. government disclosed that the Chinese state-sponsored hacking group, Volt Typhoon has surreptitiously infiltrated critical infrastructure networks within the country for a staggering five-year period. This embedded ...
New Malware in Exploits Targeting Ivanti Vulnerabilities
Google-owned Mandiant has uncovered a new malware exploiting vulnerabilities in Ivanti Connect Secure VPN and Policy Secure devices. These malwares have been utilized by several threat groups, including the China-nexus espionage group ...
China-Sponsored Hackers Lie in Wait to Attack US Infrastructure
Hackers with the Chinese state-sponsored threat group Volt Typhoon continue to hide away in computers and networks of U.S. critical infrastructure entities, “pre-positioning” themselves to disrupt operations if conflicts between the United ...
CISA and FBI Warn of AndroxGh0st Malware Threat
CISA and FBI have jointly issued a warning about the threat posed by AndroxGh0st malware, emphasizing its use in establishing a botnet for “victim identification and exploitation within target networks.” Originating in ...
CISA Mitigation Guide for Healthcare Organizations: Part Two
Whole hospital security means knowing every cyber asset in real-time detail On November 20, 2023, the Cybersecurity Infrastructure and Security Agency (CISA) issued guidance for healthcare delivery organizations (HDOs) struggling to secure ...
Ransomware Attack Targets Major North American Water Company
A ransomware attack last week hit the North American operations of massive water and wastewater systems operator Veolia, illustrating the ongoing threat to the critical infrastructure sector by cybercrime groups. Veolia officials ...
CISA, FBI, EPA Offer Cybersecurity Guide for Water System Operators
After some stops and starts, U.S. federal agencies have issued guidance to help water and wastewater system operators better respond to cyberattacks, an important step as threat actors are increasingly targeting the ...