The US Cybersecurity and Infrastructure Security Agency (CISA) has made its Protective Domain Name System available to all federal civilian agencies through CISA’s Cybersecurity Shared Services Office. In a blog post, CISA writes, “Protective DNS shields federal users and organizations from reaching known or suspected malicious destinations with a cutting-edge capability that safeguards network connections. …
Updated on 2022-09-23: CISA Adds Critical Zoho Flaw to Known Exploited Vulnerabilities Catalog The US Cybersecurity and Infrastructure Security Agency (CISA) has added a Java deserialization vulnerability in Zoho ManageEngine products to its Known Exploited Vulnerabilities (KEV) catalog. The critical flaw affects ManageEngine PAM360, Password Manager Pro, and Access Manager Plus. CISA has given federal …
Updated on 2022-09-22: Senate Bill Addresses Open Source Software Protection Members of the US Senate Homeland Security Committee have introduced a bill that aims to enhance open-source software security. The Securing Open Source Software Act would direct the Cybersecurity and Infrastructure Security Agency (CISA) to develop a framework for assessing open source software risk. It …
[Updated on 21 September 2022] Critical vulnerabilities in power distribution units The CISA warned of seven system vulnerabilities in Dataprobe’s iBoot-PDU power distribution unit product in its alert. CVE-2022-3183 and CVE-2022-3184 have been recognized as two firmware flaws, and the remaining five discovered vulnerabilities span from CVE-2022-3185 to CVE-2022-3189. If the first two vulnerabilities are …
The US Cybersecurity and Infrastructure Security Agency (CISA) has published an Industrial Control System (ICS) Advisory, warning of an improper authentication vulnerability in all versions of the Kingspan TMS300 CS water tank management system. The remotely exploitable flaw “does not properly restrict access to endpoints,” and could allow an attacker to view and modify application …
The US Cybersecurity and Infrastructure Security Agency (CISA) has added two security issues to its Known Exploited Vulnerabilities (KEV) catalog: a privilege escalation issue in Microsoft Windows, and a remote code execution vulnerability in iOS, iPadOS, and macOS. Microsoft released a fix for the vulnerability on Tuesday, September 13. Apple patched the RCE flaw on …
The US Cybersecurity and Infrastructure Security agency (CISA) has published a request for information (RFI) seeking input on proposed cyber incident reporting regulations for critical infrastructure. CISA is soliciting input as the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), which “directs CISA to develop and oversee implementation of regulations requiring covered entities …
The US Cybersecurity and Infrastructure Security Agency (CISA) has added a dozen security flaws to its Known exploited Vulnerabilities (KEV) catalog. The issues affect products from Google, D-Link, QNAP, Apple, MikroTik, Oracle, Fortinet, Netgear, and Android. All 12 vulnerabilities have mitigation deadlines of September 29, 2022.
Jen Easterly, Director of the US Cybersecurity and Infrastructure Security Agency (CISA), previewed CISA’s new strategic plan and said that they would soon publish a request for information (RFI) regarding cyber incident reporting requirements. CISA’s strategic plan will have four [pillars: cyber defense; risk reduction and resilience; operational collaboration; and agency unification. In addition to …
[Update on 22 September 2022] In a new update, the hackers who attacked the Los Angeles Unified School District made a ransom demand. However, the officials have not made any response to the demand. Read more: L.A. Unified cyberattackers demand ransom [Update on 12 September 2022] L.A. school district hit by ransomware The Los Angeles …
