Additionally, the Committee favorable reported legislation that will enhance supply chain security, encourage made in America DHS uniforms, prevent acts of terrorism committed using rental vehicles, and improve cybersecurity in K-12 schools. Keep Reading
Entities worldwide can mitigate the vulnerabilities listed in this report by applying the available patches to their systems and implementing a centralized patch management system. Keep Reading
Biden also formally established the voluntary public-private partnership Industrial Control System Cybersecurity Initiative. Keep Reading
As part of CISA’s ongoing response to Pulse Secure compromises, CISA has analyzed 13 malware samples related to exploited Pulse Secure devices. Keep Reading
The cybersecurity threats posed to the industrial control systems (ICS) that control and operate critical infrastructure are among the most significant and growing issues confronting our nation. Keep Reading
Targeted industries included, among others, aviation, defense, education, government, health care, biopharmaceutical and maritime. Keep Reading
The emergency directive is in response to validated active exploitations. CISA is concerned that exploitation of this vulnerability may lead to full system compromise of affected agency networks if left unmitigated. Keep Reading
CISA has released an analysis and infographic detailing the findings from the Risk and Vulnerability Assessments (RVAs) conducted in Fiscal Year (FY) 2020 across multiple sectors. Keep Reading
Kaseya has released VSA version 9.5.7a for their VSA On-Premises software. This version addresses vulnerabilities that enabled the ransomware attacks on Kaseya’s customers. Keep Reading
Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Keep Reading
A hold had been placed on her nomination as high-profile ransomware attacks highlighted importance of agency. Keep Reading
CISA encourages users and administrators to review the Microsoft Security Updates as well as CERT/CC Vulnerability Note VU #383432 and apply the necessary updates or workarounds. Keep Reading
In this role, Murray will oversee the Chemical Facility Anti-Terrorism Standards (CFATS) program, proposed Ammonium Nitrate Security Program, and voluntary chemical security initiatives. Keep Reading
The Senate’s failure to confirm a new director for DHS’s top cybersecurity agency before the chamber goes on a two-week recess has raised ire from cybersecurity leaders who say the role is too important to leave unfilled. Keep Reading
The GAO’s review of HHS reveals a lack of collaboration and leading practices between the entities during the COVID-19 pandemic, during an increased number of cyber threats. Keep Reading
At a later date, CISA will provide the authoritative list of software categories that are within the scope of the definition and to be included in the initial phase of implementation. Keep Reading
Secretary tells lawmakers he's a "cheerleader" for CISA as Congress members worry whether funding is enough. Keep Reading
CISA has released an Industrial Controls Systems (ICS) Medical Advisory on multiple vulnerabilities in the ZOLL Defibrillator Dashboard. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Keep Reading
CISA created this guide in partnership with the Homeland Security Systems Engineering and Development Institute™ (HSSEDI), a DHS-owned R&D center operated by MITRE, which worked with the MITRE ATT&CK team. Keep Reading
The Federal Bureau of Investigation (FBI) has released an FBI FLASH, APT Actors Exploiting Fortinet Vulnerabilities to Gain Access for Malicious Activity, which describes advanced persistent threat (APT) actors exploiting known Fortinet FortiOS vulnerabilities. Keep Reading