simontsui, to random

CISA and FBI released a joint Cybersecurity Advisory (CSA), Known Indicators of Compromise Associated with Androxgh0st Malware, to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with threat actors deploying Androxgh0st malware.
🔗 https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-016a

#CISA #FBI #securityadvisory #Androxgh0st #IOC #TTP #threatintel

simontsui,

Hot off the press: CISA adds CVE-2018-15133 (8.1 high, disclosed 09 August 2018) Laravel Deserialization of Untrusted Data Vulnerability to the Known Exploited Vulnerabilities (KEV) Catalog. No official press release yet.
🔗 https://www.cisa.gov/news-events/alerts/2024/01/16/cisa-adds-one-known-exploited-vulnerability-catalog

cc: @hrbrmstr

#CISA #KEV #eitw #activeexploitation #CVE201815133

governa, to random

#CISA: Critical #SharePoint vulnerability is under active exploitation ⚠️

https://www.theregister.com/2024/01/12/microsoft_sharepoint_vuln_exploit/

0x58, to infosec

So, who's lying and who's doing a PR stunt? :birdsite:​

If the SEC had failed to enable two-factor authentication — as the statement from X claimed — the agency would be in violation of federal government guidance. A December 2021 advisory from the Cybersecurity and Infrastructure Security Agency urges federal agencies to enforce multi-factor authentication for their social media accounts, among other actions.

#infosec #cybersecurity #CISA

https://cyberscoop.com/after-hack-x-claims-sec-failed-to-use-two-factor-authentication/

cybersecboardrm, to Cybersecurity

How many manufacturers still allow default passwords such as “admin” or “111111” to remain in place after initial device setup? CISA is working on changing that.
https://www.dataprivacyandsecurityinsider.com/2023/12/cisa-alerts-manufacturers-to-eliminate-default-passwords/

todb, to random

For that special domain in your life, give the gift of a security.txt. Check out the #CISA blog: https://www.cisa.gov/news-events/news/securitytxt-simple-file-big-value

YourAnonRiots, to Cybersecurity Japanese

#CISA warns of severe risks from threat actors exploiting default passwords on internet-exposed systems.

Manufacturers urged to adopt secure by design principles and use unique setup passwords.

https://thehackernews.com/2023/12/cisa-urges-manufacturers-eliminate.html

#cybersecurity #infosec #technews

Freemind, to Cybersecurity

CISA’s Security by Design (SbD) Alert emphasizes the need for technology manufacturers to take proactive steps to eliminate the risk of default password exploitation.

#CISA #Cybersecurity #DataSecurity #Passwords #USA

https://cybersec84.wordpress.com/2023/12/17/cisa-issues-strong-warning-tech-manufacturers-must-eliminate-default-passwords/

sethmlarson, to python

#Python listed as memory-safe language in latest recommendations by #CISA! 🎉

There's still a gap in resources to migrate Python's package ecosystem to memory-safe programming languages:

https://sethmlarson.dev/security-developer-in-residence-weekly-report-21

securestep9, to opensource

#SBOM: The NSA, #CISA, ODNI and the CyberSecurity industry partners have released a cybersecurity technical report: “Securing the Software Supply Chain: Recommended Practices for Managing #OpenSource Software and Software Bill of Materials (SBOM)”:
[PDF]👇

https://media.defense.gov/2023/Dec/11/2003355557/-1/-1/0/ESF_SECURING_THE_SOFTWARE_SUPPLY_CHAIN%20RECOMMENDED%20PRACTICES%20FOR%20MANAGING%20OPEN%20SOURCE%20SOFTWARE%20AND%20SOFTWARE%20BILL%20OF%20MATERIALS.PDF

br00t4c, to security

A year on, CISA realizes debunked vuln actually a dud and removes it from must-patch list

#cisa #security

https://go.theregister.com/feed/www.theregister.com/2023/12/06/dud_cve_removed/

YourAnonRiots, to infosec Japanese

🕵️‍♂️ #CISA warns of an ongoing cyber threat targeting government servers via an Adobe ColdFusion #vulnerability (CVE-2023-26360).

https://thehackernews.com/2023/12/hackers-exploited-coldfusion.html

Update your software now.
#infosec

fosslife, to security

New guidelines issued by Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Centre (NCSC) for secure AI system development https://www.fosslife.org/guidelines-secure-ai-systems-issued-cisa-and-ncsc #security #AI #CISA #NCSC #SoftwareDevelopment #Artificialintelligence

jgreig, to Futurology

CISA said the agency is working to identify water utility operators using devices from Israeli company Unitronics and notifying those organizations if they are at risk of cyberattack

#water #Unitronics #CISA

https://therecord.media/cisa-water-utilities-outreach-unitronics-plcs

br00t4c, to random

CISA details twin attacks on federal servers via unpatched ColdFusion flaw

#cisa

https://go.theregister.com/feed/www.theregister.com/2023/12/05/cisa_coldfusion_government/

simontsui, to random

Hot off the press: CISA adds four Qualcomm vulnerabilities to the Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation:

  • CVE-2023-33106 (8.4 high severity) Qualcomm Multiple Chipsets Use of Out-of-Range Pointer Offset Vulnerability
  • CVE-2023-33063 (7.8 high) Qualcomm Multiple Chipsets Use-After-Free Vulnerability
  • CVE-2023-33107 (8.4 high) Qualcomm Multiple Chipsets Integer Overflow Vulnerability
  • CVE-2022-22071 (7.8 high) Qualcomm Multiple Chipsets Use-After-Free Vulnerability

#CISA #KnownExploitedVulnerabilitiesCatalog #KEV #eitw #activeexploitation #CVE202333106 #CVE202333107 #CVE202333063 #CVE202222071 #Qualcomm

simontsui, to apple

Hot off the press: CISA adds the two Apple Zero-Days to the Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation:

  • CVE-2023-42916 Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability
  • CVE-2023-42917 Apple Multiple Products WebKit Memory Corruption Vulnerability

#CISA #KnownExploitedVulnerabilitiesCatalog #KEV #eitw #activeexploitation #CVE202342916 #CVE202342917 #Apple #zeroday #vulnerability
