"Couple this with more recent events ... and it has become evident that it is your turn to act," says the new Office for Bombing Prevention Bulletin from DHS' Cybersecurity and Infrastructure Security Agency. Keep Reading
While several of the teams and stadiums regularly review plans and conduct drills, for the second year in a row, a leaguewide exercise was held to allow everyone to share best practices and discuss coordination should an incident affect more than one venue. Keep Reading
The Cybersecurity and Infrastructure Security Agency wants to know whether industry can meet certain performance and security features to support a threat-hunting system. Keep Reading
President Joe Biden is hiring a group of national security veterans with deep cyber expertise, drawing praise from former defense officials and investigators as the U.S. government works to recover from one of the biggest hacks of its agencies attributed to Russian spies. Keep Reading
Dnsmasq is a widely-used, open-source software that provides Domain Name Service forwarding and caching and is common in Internet-of-Things (IoT) and other embedded devices. Keep Reading
"The threat is real and the threat is every day and we have to do a much better job than we are doing now," nominee tells senators, stressing that "CISA must improve the cyber hygiene of the federal government." Keep Reading
The strategy focuses on securing the homeland through "persistent presence and all domain awareness," strengthening "access, response, and resilience" in the Arctic, and advancing Arctic governance. Keep Reading
The Apache Software Foundation has released a security advisory to address a vulnerability affecting multiple versions of Apache Tomcat. An attacker could exploit this vulnerability to obtain sensitive information. Keep Reading
The clear threat was obvious and it didn’t require breaking encryption or dark web monitoring to identify it. Keep Reading
“That being said, we do believe that the number will remain extremely small because of the highly targeted nature of this campaign." Keep Reading
SolarWinds is currently investigating how hackers penetrated its systems and inserted malicious software into an update to the company's popular Orion products. Keep Reading
The Multi-State Information Sharing and Analysis Center (MS-ISAC) has released an advisory on a vulnerability in Zyxel firewalls and AP controllers. A remote attacker could exploit this vulnerability to take control of an affected system. Keep Reading
The U.S. will also develop procedures to identify and investigate cyber risks in critical ship and port systems. Keep Reading
The awards recognize those who devote their lives to protecting our people, our resources, our way of life. Keep Reading
By bringing together representatives from multiple agencies involved in the 63rd annual DAYTONA 500, set for Sunday, February 14, participants discussed their roles, shared best practices, and improved coordination mechanisms to help keep the public safe. Keep Reading
As federal agencies continue to evolve cloud infrastructures, they are likewise evolving security approaches. Keep Reading
CISA has created a free tool for detecting unusual and potentially malicious activity that threatens users and applications in an Azure/Microsoft O365 environment. Keep Reading
If left unchecked, this threat actor has the resources, patience, and expertise to resist eviction from compromised networks and continue to hold affected organizations at risk. Keep Reading
In support of the Office of Management and Budget (OMB) Memorandum (M) 19-26: Update to the TIC Initiative, the TIC 3.0 Remote User Use Case is a new addition to the TIC 3.0 core guidance, released in July 2020. Keep Reading
This is a patient, well-resourced, and focused adversary that has sustained long duration activity on victim networks. CISA is investigating other initial access vectors in addition to the SolarWinds Orion supply chain compromise. Keep Reading