Cybersecurity & Infrastructure Security Agency

Impersonation schemes are on the rise, and artificial intelligence (including deep fakes and voice cloning) will only make these schemes more difficult to detect.

Threat actors are emboldened, evidenced by the fact that the Cybersecurity and Infrastructure Security Agency (CISA) recently published an alert that threat actors are impersonating CISA employees in vishing attacks in

Patching vulnerabilities is a difficult task. Keeping up with and patching them without disrupting users’ experience is tricky. Nonetheless, it is a necessary evil and crucial to cybersecurity hygiene and incident prevention.

On March 12, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) issued three Cybersecurity Alerts for Adobe, Microsoft, and Fortinet security patches.

The

In a joint release last week, the Cybersecurity and Infrastructure Security Agency (CISA) and other federal agencies issued a chilling Advisory about the ongoing attacks by Volt Typhoon on U.S. critical infrastructure. Volt Typhoon is a People’s Republic of China (PRC) sponsored group that uses slow and persistent techniques to gain entry into U.S.-based critical

Mozilla recently released security updates to address known vulnerabilities in their Thunderbird and Firefox products. The Cybersecurity & Infrastructure Security Agency (CISA) is recommending that the patches be applied because “a cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.”

The updates to the Thunderbird product are designed

On December 15, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) issued a Secure by Design Alert and guidance on “How Manufacturers Can Protect Customers by Eliminating Default Passwords.”

The guidance was created by CISA to “urge technology manufacturers to proactively eliminate the risk of default password exploitation by implementing principles one and three of

On November 17, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) released a supplemental mitigation guide for the healthcare and public health sector to the Cyber Risk Summary for those sectors published on July 19, 2023.

“This guide provides defensive mitigation strategy recommendations and best practices to combat pervasive cyber threats affecting this critical infrastructure

Following the White House’s Executive Order on AI, the Cybersecurity & Infrastructure Security Agency (CISA) issued its Roadmap for Artificial Intelligence this week “which is a whole-of-agency plan aligned with national AI strategy to address our efforts to: promote the beneficial uses of AI to enhance cybersecurity capabilities, ensure AI systems are protected from cyber-based

The Cybersecurity & Infrastructure Security Agency (CISA), FBI, and MS-ISAC recently released an urgent Joint Advisory on the Atlassian Confluence Vulnerability CVE-2023-22515.

According to the Alert, “this critical vulnerability affects certain versions of Atlassian Confluence Data Center and Server, enabling malicious threat actors to obtain initial access to Confluence instances by creating unauthorized Confluence administrator

On May 16, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) released three advisories applicable to Industrial Control Systems (ICS). The Alerts cover vulnerabilities of Snap One OvrC Cloud, Rockwell ArmorStart, and Rockwell Automation Factory Talk Vantagepoint.  

The Snap One vulnerabilities, if exploited, “could allow an attacker to impersonate and claim devices, execute arbitrary