My TechDecisions

Search Results: cisa

CISA Software Security

CISA Adds 66 CVEs to Known Exploited Vulnerabilities List

The majority of the new additions to CISA's list of known exploited vulnerabilities are several years old, including 8 from 2010 or earlier.

March 28, 2022 Zachary Comeau Leave a Comment

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added 66 software security bugs that are being actively exploited to its database of known exploited vulnerabilities, including some from leading technology vendors that date back several years. For the majority of the products implicated in the new additions, there are patches available to remediate the […]

Read More
Proofpoint CISO, CISOs cyberattack

CISA: Russian Hackers Leveraged Default MFA, PrintNightmare To Gain Network Access

Using stolen credentials, misconfigured MFA and PrintNightmare, Russian state-sponsored hackers compromised a victim's network, agencies say.

March 16, 2022 Zachary Comeau Leave a Comment

According to U.S. authorities, Russian state-sponsored hackers are leveraging default multi-factor authentication (MFA) protocols and the PrintNightmare vulnerabilities to gain network access. In a joint advisory, the FBI and Cybersecurity and Infrastructure Security Agency say cyber actors backed by the Russian government began pairing those attack vectors as early as May 2021 to target a […]

Read More
CISA Software Security

CISA Adds 95 New Bugs To Database Of Known Exploited Vulnerabilities

Some security bugs recently added to CISA's catalog of known exploited vulnerabilities are more than a decade old.

March 4, 2022 Zachary Comeau Leave a Comment

There are 95 new known exploited vulnerabilities that IT and security professionals should immediately investigate and mitigate, including several that date back at least a decade, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The agency added the vulnerabilities to its catalog of known exploited vulnerabilities based on evidence of exploitation in the […]

Read More
CISA Software Security

Supplement Your Cybersecurity Staff With These Free CISA Resources

CISA's catalog of free sources includes widely used open-source tools and services offered by private and public sector organizations.

February 22, 2022 Zachary Comeau Leave a Comment

The U.S. Cybersecurity and Infrastructure Security Agency has released a litany of free security tools and resources designed to help organizations advance its security capabilities, including widely used open-source tools and services offered by private and public sector organizations. The catalog of free resources comes amid rising geopolitical tensions that both government agencies and software […]

Read More

CISA Warns of Increased Globalized Threat of Ransomware

Ransomware tactics and techniques are continuing to evolve and place an immediate threat to organizations globally.

February 16, 2022 Alyssa Borelli Leave a Comment

In 2021, 14 of the 16 U.S. critical infrastructure sectors were hit with ransomware, according to the CISA, FBI and NSA in a new report. And it’s not just happening the U.S., Australia’s critical infrastructure entities have been hit, as well as in the U.K. The education sector was one of the top U.K. sectors […]

Read More
CISA Software Security

This CISA Resource Can Help Protect You From Actively Exploited Bugs

CISA has added 15 new actively exploited bugs to its catalog of known exploited vulnerabilities that all organizations should patch.

February 14, 2022 Zachary Comeau Leave a Comment

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has been extremely active in helping both the public sector and private sector respond to cybersecurity threats, and is often one of the leading voices when new threats emerge. The agency, part of DHS, has released guides, advisories and other resources on current and historical threats, and […]

Read More
Crowdstrike Charlotte AI

CISA Selects CrowdStrike to Protect its Endpoints & Workloads

Cybersecurity and Infrastructure Security Agency (CISA) chooses CrowdStrike’s Flacon technology platform to fulfill its mission.

December 7, 2021 TD Staff Leave a Comment

CrowdStrike Inc., a provider of cloud-based endpoint and workload protection, announced the Cybersecurity and Infrastructure Security Agency (CISA) has selected it as one of the major platforms to support the Executive Order endpoint detection and response initiative. CrowdStrike brings cloud-native AI-driven power of the CrowdStrike Falcon platform to secure critical endpoints and workloads for the […]

Read More
Cisco Live 2023

Patch Now: Cisco, CISA Sound The Alarm On Four Software Flaws

The networking company released patches for vulnerabilities in Cisco Policy Suite, network switches and Cisco’s Email Security Appliance.

November 5, 2021 Zachary Comeau Leave a Comment

Cisco and the U.S. Cybersecurity and Infrastructure Security Agency are urging organizations to apply updates that patch critical vulnerabilities in Cisco products. The networking company released patches for several vulnerabilities this week, including two rated critical and two rated high, impacting Cisco Policy Suite, two lines of switches and Cisco’s Email Security Appliance. The vulnerabilities […]

Read More
China, Hacking, Microsoft, Routers, Volt Typhoon

CISA, FBI and NSA Issue Advisory of BlackMatter Ransomware

BlackMatter ransomware has targeted multiple U.S. critical infrastructure entities prompting an advisory from federal agencies.

October 20, 2021 TD Staff Leave a Comment

BlackMatter, a possible re-brand of DarkSide, which was active from September 2020 through May 2021 is back at it again. Since July 2021, BlackMatter ransomware has targeted multiple U.S. critical infrastructure entities, including two U.S. Food and Agriculture sector organizations, according to a joint advisory from the CISA, FBI and NSA. Black Matter actors have […]

Read More
CISA NSA VPN

NSA, CISA Release VPN Selection, Hardening Guidance

Document is designed to help organizations select standards-based VPN solutions and harden networks to prevent compromise from bad actors.

September 30, 2021 Zachary Comeau Leave a Comment

The U.S. National Security Agency and Cybersecurity and Infrastructure Security Agency have jointly released a new guidance resource on selecting and hardening virtual private network (VPN) solutions to help organizations address security risks associated with the popular tools. Especially in this new age of remote/hybrid work, VPNs have become a popular resource for organizations with […]

Read More