My TechDecisions

Search Results: cisa

CISA Untitled Goose Tool

Use This Free CISA Tool for Threat Hunting, Incident Response

CISA's Untitled Goose Tool is a free new tool designed to help network defenders detect malicious activity in Microsoft Azure, AAD and M365.

March 27, 2023 Zachary Comeau Leave a Comment

The U.S. Cybersecurity and Infrastructure Security Agency has released the Untitled Goose Tool, a free  tool designed to help network defenders detect malicious activity in Microsoft Azure, Azure Active Directory (AAD) and Microsoft 365 (M365) environments. According to CISA, the Untitled Goose Tool offers novel authentication and data gathering methods for network defenders to use […]

Read More
CISA Ransomware

CISA Wants You To Report Anything You Know About Ransomware Activity

The U.S. Cybersecurity and Infrastructure Security Agency's new initiative is designed to help organizations stop ransomware attacks early.

March 23, 2023 Zachary Comeau Leave a Comment

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is launching its Pre-Ransomware Notificaiton Initiative designed to help organizations thwart ransomware attacks in the early stages of incidents as ransomware actors dwell in a victim’s environment before deploying the ransomware. According to CISA, that window of time–which can last from hours to days–gives the agency enough […]

Read More
Royal Ransomware

FBI, CISA Warn of Royal Ransomware Targeting Critical Infrastructure

Royal ransomware actors have been targeting manufacturing, communications, healthcare and education entities since September 2022, agencies say.

March 3, 2023 Zachary Comeau Leave a Comment

U.S. agencies are warning critical infrastructure organizations to be on the lookout for Royal ransomware, a financially motivated threat actor that has been targeted manufacturing, communications, healthcare and education entities since September 2022. In a joint advisory, the FBI and U.S. Cybersecurity and Infrastructure Security Agency say the Royal ransomware actors have compromised U.S. and […]

Read More
CISA Untitled Goose Tool

What CISA Learned After Conducting a Red Team Assessment of a Large Critical Infrastructure Organization

CISA obtained persistent access to the organization's network, but security controls like MFA helped thwart further activity.

March 1, 2023 Zachary Comeau Leave a Comment

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new advisory that describes a CISA red team assessment of a large critical infrastructure organization with a mature cyber posture, with the goal of sharing its key findings to help IT and security professionals improve monitoring and hardening of networks. According to the advisory, […]

Read More
CISA Untitled Goose Tool

CISA Releases Cybersecurity Performance Goals for Critical Infrastructure

CISA's Cybersecurity Performance Goals are based on cost, complexity, and impact and are applicable to organizations of all sizes.

October 28, 2022 Zachary Comeau Leave a Comment

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new set of voluntary Cybersecurity Performance Goals that outline he highest priority baseline measures that businesses and critical infrastructure owners can take to protect themselves against cyber threats. The Cybersecurity Performance Goals (CPGs), developed by the Department of Homeland Security (DHS) and CISA at […]

Read More
CISA Untitled Goose Tool

CISA Warns of Quantum Computing Vulnerabilities

U.S. cyber agency's new guide warns of vulnerabilities and outlines the actions critical infrastructure stakeholders should take now.

August 29, 2022 Zachary Comeau Leave a Comment

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new guide that outlines the actions critical infrastructure stakeholders should take now to prepare for their future migration to the post-quantum cryptographic standard that the National Institute of Standards and Technology (NIST) will publish in 2024. In the guide, CISA says both the public […]

Read More
CISA Untitled Goose Tool

CISA Adds 75 Known Exploited Vulnerabilities to List, Including New Cisco Bug

CISA within the last week has added 75 security flaws to its list of known vulnerabilities, including a newly discovered CISCO bug.

May 27, 2022 Zachary Comeau Leave a Comment

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) within the last week has added more than 70 security flaws to its list of known exploited vulnerabilities that U.S. agencies must patch by a certain date, indicating a heightened danger if the bugs are left unpatched. CISA on Wednesday added 34 bugs to its catalog of […]

Read More

Retrace Founder & CEO Ali Sadat DDS Recognized as Incisal Edge 40 Under 40

April 27, 2022 TechDecisions Staff Leave a Comment

Nomination for Dr. Sadat showcases Retrace’s commitment to improve the entire dental landscape by using AI to unite and integrate the entire claims process SAN FRANCISCO–(BUSINESS WIRE)–Retrace, the first native-built AI healthcare clearinghouse to provide real time connectivity between dental practices and payers, today announced that their Founder and CEO, Ali Sadat, DDS, was honored […]

Read More
CISA Untitled Goose Tool

CISA Adds 66 CVEs to Known Exploited Vulnerabilities List

The majority of the new additions to CISA's list of known exploited vulnerabilities are several years old, including 8 from 2010 or earlier.

March 28, 2022 Zachary Comeau Leave a Comment

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added 66 software security bugs that are being actively exploited to its database of known exploited vulnerabilities, including some from leading technology vendors that date back several years. For the majority of the products implicated in the new additions, there are patches available to remediate the […]

Read More
Microsoft Nobelium AD FS

CISA: Russian Hackers Leveraged Default MFA, PrintNightmare To Gain Network Access

Using stolen credentials, misconfigured MFA and PrintNightmare, Russian state-sponsored hackers compromised a victim's network, agencies say.

March 16, 2022 Zachary Comeau Leave a Comment

According to U.S. authorities, Russian state-sponsored hackers are leveraging default multi-factor authentication (MFA) protocols and the PrintNightmare vulnerabilities to gain network access. In a joint advisory, the FBI and Cybersecurity and Infrastructure Security Agency say cyber actors backed by the Russian government began pairing those attack vectors as early as May 2021 to target a […]

Read More