CISA Releases Protective DNS Resolver Shared Service

The US Cybersecurity and Infrastructure Security Agency (CISA) has made its Protective Domain Name System available to all federal civilian agencies through CISA’s Cybersecurity Shared Services Office. In a blog post, CISA writes, “Protective DNS shields federal users and organizations from reaching known or suspected malicious destinations with a cutting-edge capability that safeguards network connections. …

Read More about CISA Releases Protective DNS Resolver Shared Service

Zoho servers under attack

Updated on 2022-09-23: CISA Adds Critical Zoho Flaw to Known Exploited Vulnerabilities Catalog

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a Java deserialization vulnerability in Zoho ManageEngine products to its Known Exploited Vulnerabilities (KEV) catalog. The critical flaw affects ManageEngine PAM360, Password Manager Pro, and Access Manager Plus. CISA has given federal …

Read More about Zoho servers under attack

US bill to secure FOSS software

Updated on 2022-09-22: Senate Bill Addresses Open Source Software Protection

Members of the US Senate Homeland Security Committee have introduced a bill that aims to enhance open-source software security. The Securing Open Source Software Act would direct the Cybersecurity and Infrastructure Security Agency (CISA) to develop a framework for assessing open source software risk. It …

Read More about US bill to secure FOSS software

Critical vulnerabilities in Dataprobe iBoot-PDU power distribution units

[Updated on 21 September 2022] Critical vulnerabilities in power distribution units

In an alert, CISA warned of seven vulnerabilities in Dataprobe’s iBoot-PDU power distribution unit product. CVE-2022-3183 and CVE-2022-3184 have been identified as firmware flaws, and the remaining five vulnerabilities range from CVE-2022-3185 to CVE-2022-3189. If the first two vulnerabilities are …

Read More about Critical vulnerabilities in Dataprobe iBoot-PDU power distribution units

CISA Warns of Improper Authentication Vulnerability in Water Tank Management System

The US Cybersecurity and Infrastructure Security Agency (CISA) has published an Industrial Control System (ICS) Advisory, warning of an improper authentication vulnerability in all versions of the Kingspan TMS300 CS water tank management system. The remotely exploitable flaw “does not properly restrict access to endpoints,” and could allow an attacker to view and modify application …

Read More about CISA Warns of Improper Authentication Vulnerability in Water Tank Management System

CISA Adds Windows Privilege Elevation and Apple RCE Flaws to Known Exploited Vulnerabilities Catalog

The US Cybersecurity and Infrastructure Security Agency (CISA) has added two security issues to its Known Exploited Vulnerabilities (KEV) catalog: a privilege escalation issue in Microsoft Windows, and a remote code execution vulnerability in iOS, iPadOS, and macOS. Microsoft released a fix for the vulnerability on Tuesday, September 13. Apple patched the RCE flaw on …

Read More about CISA Adds Windows Privilege Elevation and Apple RCE Flaws to Known Exploited Vulnerabilities Catalog

CISA RFI on Cyber Incident Reporting Requirements for Critical Infrastructure

The US Cybersecurity and Infrastructure Security Agency (CISA) has published a request for information (RFI) seeking input on proposed cyber incident reporting regulations for critical infrastructure. CISA is soliciting input as the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), which “directs CISA to develop and oversee implementation of regulations requiring covered entities …

Read More about CISA RFI on Cyber Incident Reporting Requirements for Critical Infrastructure

CISA’s New Strategic Plan and an RFI on Cyber Incident Reporting

Jen Easterly, Director of the US Cybersecurity and Infrastructure Security Agency (CISA), previewed CISA’s new strategic plan and said that they would soon publish a request for information (RFI) regarding cyber incident reporting requirements. CISA’s strategic plan will have four pillars: cyber defense; risk reduction and resilience; operational collaboration; and agency unification. In addition to …

Read More about CISA’s New Strategic Plan and an RFI on Cyber Incident Reporting

CISA and FBI Advisory Warns Ransomware Actors are Targeting Education Sector as Los Angeles Unified School Recovers From an Attack

[Update on 22 September 2022] The hackers who attacked the Los Angeles Unified School District have made a ransom demand. However, officials have not responded to the demand. Read more: L.A. Unified cyberattackers demand ransom

[Update on 12 September 2022] L.A. school district hit by ransomware

The Los Angeles …

Read More about CISA and FBI Advisory Warns Ransomware Actors are Targeting Education Sector as Los Angeles Unified School Recovers From an Attack