On July 17, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) issued an Alert adding three vulnerabilities to its Known Vulnerabilities Catalog. The three vulnerabilities related to Adobe, SolarWinds, and VMWare products are:
Cybersecurity & Infrastructure Security Agency
Privacy Tip #402 – CISA Issues Alert About Impersonators
Impersonation schemes are on the rise, and artificial intelligence (including deep fakes and voice cloning) will only make these schemes more difficult to detect.
Threat actors are emboldened, evidenced by the fact that the Cybersecurity and Infrastructure Security Agency (CISA) recently published an alert that threat actors are impersonating CISA employees in vishing attacks in…
Patch, Patch, Patch: Updates for Fortinet, Microsoft, and Adobe Products
Patching vulnerabilities is a difficult task. Keeping up with and patching them without disrupting users’ experience is tricky. Nonetheless, it is a necessary evil and crucial to cybersecurity hygiene and incident prevention.
On March 12, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) issued three Cybersecurity Alerts for Adobe, Microsoft, and Fortinet security patches.
The…
Dragos Outlines Voltzite’s Attacks Against Critical Infrastructure
In a joint release last week, the Cybersecurity and Infrastructure Security Agency (CISA) and other federal agencies issued a chilling Advisory about the ongoing attacks by Volt Typhoon on U.S. critical infrastructure. Volt Typhoon is a People’s Republic of China (PRC) sponsored group that uses slow and persistent techniques to gain entry into U.S.-based critical…
Mozilla Releases Security Updates for Thunderbird and Firefox
Mozilla recently released security updates to address known vulnerabilities in their Thunderbird and Firefox products. The Cybersecurity & Infrastructure Security Agency (CISA) is recommending that the patches be applied because “a cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.”
The updates to the Thunderbird product are designed…
CISA Alerts Manufacturers to Eliminate Default Passwords
On December 15, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) issued a Secure by Design Alert and guidance on “How Manufacturers Can Protect Customers by Eliminating Default Passwords.”
The guidance was created by CISA to “urge technology manufacturers to proactively eliminate the risk of default password exploitation by implementing principles one and three of…
CISA Issues Mitigation Guide for Healthcare + Public Health Sector
On November 17, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) released a supplemental mitigation guide for the healthcare and public health sector to the Cyber Risk Summary for those sectors published on July 19, 2023.
“This guide provides defensive mitigation strategy recommendations and best practices to combat pervasive cyber threats affecting this critical infrastructure…
CISA Issues Roadmap for Artificial Intelligence
Following the White House’s Executive Order on AI, the Cybersecurity & Infrastructure Security Agency (CISA) issued its Roadmap for Artificial Intelligence this week “which is a whole-of-agency plan aligned with national AI strategy to address our efforts to: promote the beneficial uses of AI to enhance cybersecurity capabilities, ensure AI systems are protected from cyber-based…
Urgent Joint Cybersecurity Advisory on Atlassian Vulnerability Issued
The Cybersecurity & Infrastructure Security Agency (CISA), FBI, and MS-ISAC recently released an urgent Joint Advisory on the Atlassian Confluence Vulnerability CVE-2023-22515.
According to the Alert, “this critical vulnerability affects certain versions of Atlassian Confluence Data Center and Server, enabling malicious threat actors to obtain initial access to Confluence instances by creating unauthorized Confluence administrator…
CISA Issues Three Advisories for Industrial Control Systems
On May 16, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) released three advisories applicable to Industrial Control Systems (ICS). The Alerts cover vulnerabilities of Snap One OvrC Cloud, Rockwell ArmorStart, and Rockwell Automation Factory Talk Vantagepoint.
The Snap One vulnerabilities, if exploited, “could allow an attacker to impersonate and claim devices, execute arbitrary…