Category Archives: Cybersecurity and Infrastructure Security Agency (CISA)

CISA: Federal civilian agency hacked by nation-state and criminal hacking groups

A nation-state hacking group and a criminal gang best known for card skimming had access to a federal civilian agency from August to January 2023, according to a Wednesday joint alert released by the Cybersecurity and Infrastructure Security Agency, the FBI and the Multi-State Information Sharing and Analysis Center. According to the alert, both the […]

Presidential advisory council recommends cyber mandates for critical infrastructure

The National Infrastructure Advisory Council called for mandatory cybersecurity rules for critical infrastructure organizations and the technology vendors that service those sectors, echoing recommendations in the Biden administration’s national cybersecurity strategy. The National Security Council requested the report from the group of 30 executives and leaders from the public and private sectors that advises the White […]

CISA tests ransomware alert system to safeguard vulnerable organizations

The Cybersecurity and Infrastructure Security Agency announced on Monday a pilot program that aims to identify known vulnerabilities in critical infrastructure networks that ransomware operators commonly use to infect systems and extort victims. The Ransomware Vulnerability Warning Pilot (RVWP) warns critical infrastructure owners and operators that their vulnerable systems could be exploited and is a […]

Biden’s budget seeks increase in cybersecurity spending

President Biden’s budget proposal for fiscal year 2024 calls for wide-ranging investments to boost the cybersecurity resilience of the U.S. government and to implement his recently released cyber strategy, which calls for a whole-of-government approach to boosting U.S. digital defenses. With Republicans in control of the House of Representatives, Biden’s budget has no chance […]

TSA issues aviation regulations for airlines, airports facing ‘persistent cybersecurity threat’

In the latest move from the Biden administration to strengthen cybersecurity protections for critical infrastructure operators, the Transportation Security Administration on Tuesday announced regulations to compel airports along with aircraft owners and operators to improve their digital defenses in the face of growing threats. “Protecting our nation’s transportation system is our highest priority and TSA […]

CISA director urges tech sector to stop shipping unsafe products

Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency, called on technology companies to take greater responsibility when it comes to the cybersecurity of their products that “are embedded into the very foundations of our society.” The remarks at a Carnegie Mellon University event on Monday echo a recent call to action from […]

More vulnerabilities in industrial systems raise fresh concerns about critical infrastructure hacks

A slew of new reports about vulnerabilities in operational technology systems are raising fresh concerns about potential weaknesses inside U.S. critical infrastructure organizations. In just the past few weeks, researchers revealed flaws that in some cases could let hackers bypass security systems or give them remote access to equipment that runs manufacturing facilities and energy […]

Global ransomware spree infects unpatched VMware servers. CISA has a fix.

The Cybersecurity and Infrastructure Security Agency released a script Tuesday night to help organizations attempting to recover virtual machines affected by a spree of global cyberattacks targeting VMware ESXi servers. The so-called ESXiArgs ransomware variant takes advantage of a two-year-old vulnerability that attackers are able to remotely exploit. Last weekend, the attacks prompted warnings from several […]

Cybercriminals scam two federal agencies via remote desktop tool, CISA warns

Cybercriminals duped federal employees into downloading remote monitoring and management software and then used it to execute scams to steal money from victims’ bank accounts, top cybersecurity officials said Wednesday. In an alert warning agencies about the malicious use of remote management software, in this case ConnectWise Control and AnyDesk, officials said that while the […]

Software bills of material face long road to adoption

There are few things the fractious community of cybersecurity experts and researchers can agree on. One of the rare exceptions is the need for more widespread use of software bills of materials, or SBOMs, a tool that lists the components of a given piece of software. With that information in hand, cybersecurity defenders are far […]
