CVEs
CISA warns of high-severity vulnerability in once-popular Microsoft product
Security agency adds CVE-2012-4792 to its catalogue of known vulns and warns it can "execute arbitrary code via a crafted web site"
cyberattack
Cyberattack disrupts 911 emergency services in California
Incident blamed on 'relatively new' gang of cybercriminals.
Cybersecurity
Feds to CIOs: Actively ask your vendors if they’ve done a SQLi audit...
Fix up, look sharp: Uncle Sam is running out of patience with tech firms shipping insecure software. Vendors? Get familiar with the phrase "query parameterization"...
Cybersecurity
CISA breach: Hackers gained access to chemical sector's vulnerability assessments
Cybersecurity agency's cybersecurity appliance breached (yes, everything is broken) but no exfiltration seen says CISA
cybersecurity
FBI reveals Zero Trust adoption plans in $8 billion IT budget
Crime fighters prioritise internal network security in the wake of major data breach
ransomware
Fresh Black Basta TTPs revealed as CISA says CNI hit
Ransomware group using "Backstab" to kill EDR processes.
News
CISA issues warning over 'Midnight Blizzard' Microsoft attack
CISA has posted a new directive for US government agencies regarding targeted attacks by the Midnight Blizzard hacking team that also hit Microsoft
CISA
CISA talks up "game-changing" new data collection powers under Circia
CISA is moving into what it hopes is the home stretch for drafting and enforcing stricter reporting rules for cybersecurity incidents
operational technology
Missing vulnerabilities and threadbare staff: CISA ill-equipped to support on OT security: Watchdog
CISA has just two federal staff and five contractor staff working on its OT-specific threat hunting and/or incident response services...
cybersecurity
US gov tells software suppliers exactly how it wants them to develop secure code
As CISA reportedly admits two of its systems were breached in February due to Ivanti flaws
CISA
How secure is your package repo? CISA defines four levels of security maturity, starting at zero
"Package managers are at a critical point in the open source ecosystem and have the capability to scale security improvements across open source ecosystems"
cyberattack
Hack back: US disconnects Volt Typhoon
"This actor is not doing the quiet intelligence collection and theft of secrets... they can disrupt major services if, and when, the order comes down,"