My TechDecisions

Search Results: cisa

CISA Software Security

Software Manufacturers Urged to Think Security Before Features, Speed to Market

CISA and other cybersecurity agencies are urging tech companies to think more about security of their products.

April 13, 2023 Zachary Comeau Leave a Comment

The U.S. Cybersecurity and Infrastructure Security Agency along with its counterpart agencies from several different countries have published a new guide urging software manufacturers to take steps to ship products that are built with security from the ground up. The guidance, “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default, comes […]

Read More
Genesis Market

Check to See If Your Organization’s Credentials Were on Genesis Market

Dark web initial access marketplace Genesis Market has been seized, and organizations can check to see if they were compromised.

April 6, 2023 Zachary Comeau Leave a Comment

Genesis Market, online criminal marketplace that advertised and sold packages of stolen credentials that threat actors use to compromise accounts in the financial sector, critical infrastructure and federal, state and local government agencies, has been dismantled by a coalition of international law enforcement agencies. According to a news release from the U.S. Department of Justice, […]

Read More
Log4j, Older Vulnerabilities, CISA KEV

Older, Unpatched Vulnerabilities Are Still Wreaking Havoc

Older vulnerabilities that remain unpatched are still the primary vehicle for cyberattacks, Tenable report finds.

February 28, 2023 Zachary Comeau Leave a Comment

Older vulnerabilities for which patches have already been made available by the vendor are still the primary vehicle for cyberattacks, suggesting that organizations are still behind in practicing good cyber hygiene, according to new data from Tenable. The Columbia, M.D.-based provider of vulnerability management software finds in its 2022 Threat Landscape Report that the number […]

Read More
Royal Ransomware

DPRK Ransomware Group Targets Healthcare Sector, Agencies Say

U.S. agencies are warning healthcare organizations and others to be aware of new ransomware activity from a North Korean nation-state group.

February 13, 2023 Zachary Comeau Leave a Comment

U.S. agencies are warning healthcare organizations and other critical infrastructure organizations to be aware of recent activity from a North Korean nation-state ransomware group that is leveraging older vulnerabilities–including Log4Shell– to gain access into victim environments. The advisory from the FBI, U.S. Cybersecurity and Infrastructure Security Agency and other agencies gives an overview of the […]

Read More
Progress MOVEit vulnerability

How to Protect Against and Recover from ESXiArgs Ransomware

CISA has released a recovery guide that includes a recovery script to help organizations recover from the ESXiArgs ransomware attacks.

February 9, 2023 Zachary Comeau Leave a Comment

To help organizations impacted by the ESXiArgs ransomware campaign that is exploiting a two-year-old vulnerability in VMware ESXi servers, the U.S Cybersecurity and Infrastructure Agency has released a recovery guide that includes a recovery script to help organizations recover their files. According to the agency, threat actors are targeting end-of-life ESXi servers or ESXi servers […]

Read More
CISA Ransomware

Critical VMware Vulnerability From 2021 Leveraged in Mass Ransomware Campaign

A threat actor is reportedly leveraging a two-year-old vulnerability in VMware ESXi servers to deploy ransomware.

February 7, 2023 Zachary Comeau Leave a Comment

A two-year-old vulnerability in VMware ESXi servers is reportedly under mass-exploitation by a ransomware threat actor, and more than 1,000 VMware ESXI severs have been compromised. According to cybersecurity firm Blackberry, the new ransomware, ESXiArgs, is targeting unpatched VMware ESXi servers connected to the internet, leveraging a remote code execution bug from 2021 to cause […]

Read More
IT news, This Week in it, Microsoft, Google, Gmail, ISE 2023,

This Week in IT: Microsoft Outage, VR, Cyberattacks, iOS 16.3

A Microsoft 365 outage, the AltspaceVR shutdown, Hive ransomware takedown, legitimate RMM abuse and iOS 16.3 highlight this week's IT news.

January 26, 2023 Zachary Comeau Leave a Comment

Editor’s note: There is a lot going on in the world of IT, from emerging technologies to digital transformation and new cybersecurity threats. However, we can’t possibly cover it all, so we’ll bring you This Week in IT, a curated summary of IT and enterprise technology news stories each week. Microsoft 365 outage Multiple Microsoft 365 […]

Read More
Cybersecurity testing, penetration testing, cyber threats

This K-12 Cybersecurity Resource Offers Useful Guidance for School IT Professionals

The U.S. Cybersecurity & Infrastructure Security Agency has released a report to help keep K-12 organizations secure.

January 25, 2023 Zachary Comeau Leave a Comment

In an effort to help protect K-12 educational institutions from an increasing rate of cyberattacks, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new report with recommendations and resource to help K-12 IT professionals address their plentiful security risks. CISA’s new report, “Protecting Our Future: Partnering to Safeguard K–12 organizations from Cybersecurity […]

Read More
Microsoft Nuance DAX

FDA to Regulate Medical Device Cybersecurity

A new law requires manufacturers of medical devices to ensure that their equipment and related systems are cybersecure.

January 19, 2023 TD Staff Leave a Comment

For years now, healthcare providers have been struggling with the cybersecurity issues posed by medical devices. One study released in December found that internet-connected medical devices have a 24% greater risk for cyberattacks. However, a new federal law passed late last year offers some relief. The Food and Drug Administration (FDA) now has the authority and $5 […]

Read More
ransomware emsisoft, organization impacted by ransomware

Education, Healthcare And Government Organizations Impacted by Ransomware in 2022

An Emsisoft report found almost twice the number of K-12 schools were impacted by ransomware in 2022 compared to 2021.

January 10, 2023 TD Staff Leave a Comment

Ransomware continues to be a significant challenge for colleges and universities, school districts, and hospitals across the country, according to a new report. The 2022 report, released Monday by digital security firm Emsisoft, determined 89 education sector organizations were impacted by ransomware. Broken down, hackers demanded ransoms from 44 universities and colleges, and 45 school districts […]

Read More