CISA

Subscribe to CISA

The FBI and CISA issued a Joint Cybersecurity Advisory “#StopRansomware: Snatch Ransomware” on September 20, 2023. The Advisory outlines the indicators of compromise and observed tactics, techniques, and procedures of Snatch so organizations can identify, mitigate, and respond to an attack using the Snatch ransomware variant.

Snatch has been hitting the Defense Industrial Base (DIB)

VMware provides multi-cloud services, products, and solutions for its customers, including VMware Tools. On September 1, 2023, VMware released a security update for a vulnerability in VMware Tools. According to the Cybersecurity Infrastructure Security Agency (CISA), “A cyber threat actor can exploit this vulnerability to obtain sensitive information.”

In the alert, CISA “encourages users

On August 22, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) issued four more advisories related to industrial control systems. The advisories are applicable to four different industrial control products, explain the risk of the vulnerability (e.g., “successful exploitation of these vulnerabilities could allow an attacker to compromise availability, integrity, and confidentiality of the targeted

CISA released a blog post last week reminding software designers that artificial intelligence (AI) tools are software and that they “must consider the security of the customers as a core business requirement, not just a technical feature, and prioritize security throughout the whole lifecycle of the product, from inception of the idea to planning for

The Cybersecurity and Infrastructure Security Agency (CISA) recently issued “timely information about current security issues, vulnerabilities, and exploits surrounding” Industrial Control Systems (ICS).

The Advisories provide background on the vulnerabilities, and the manufacturers’ releases for remediation and mitigation to implement to protect against the vulnerabilities, which Industrial Control Systems operators may wish to consult. The

On May 16, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) released three advisories applicable to Industrial Control Systems (ICS). The Alerts cover vulnerabilities of Snap One OvrC Cloud, Rockwell ArmorStart, and Rockwell Automation Factory Talk Vantagepoint.  

The Snap One vulnerabilities, if exploited, “could allow an attacker to impersonate and claim devices, execute arbitrary

While recently speaking at a conference hosted by Vanderbilt University, Jen Easterly, the Director of the Cybersecurity Infrastructure Security Agency (CISA) urged the development of regulations around the use of artificial intelligence (AI). According to reporting by Reuters, Easterly recalled the lessons learned from the lack of security in the design of the Internet and

The Cybersecurity & Infrastructure Security Agency (CISA) recently issued an Alert outlining the top Common Vulnerabilities and Exposures (CVEs) that have been used by the People’s Republic of China (PRC) state-sponsored cyber actors since 2020.

According to the Alert, these threat actors “continue to exploit known vulnerabilities to actively target U.S. and allied networks as

Microsoft recently issued mitigation steps for vulnerabilities that are being actively exploited by threat actors. Microsoft stated that it is aware that two vulnerabilities are being actively exploited to access users’ systems.

The Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory following Microsoft’s release of the mitigation steps, encouraging “users and administrators to review