CISA - The Stack (Page 2)

Missing vulnerabilities and threadbare staff: CISA ill-equipped to support on OT security: Watchdog

CISA has just two federal staff and five contractor staff working on its OT-specific threat hunting and/or incident response services...

Fernanda Alvarez March 13, 2024

US gov tells software suppliers exactly how it wants them to develop secure code

cybersecurity

DevOps

News

US gov tells software suppliers exactly how it wants them to develop secure code

As CISA reportedly admits two of its systems were breached in February due to Ivanti flaws

Azania Imtiaz Patel March 13, 2024

How secure is your package repo? CISA defines four levels of security maturity, starting at zero

software supply chain

openssf

package manager

News

How secure is your package repo? CISA defines four levels of security maturity, starting at zero

"Package managers are at a critical point in the open source ecosystem and have the capability to scale security improvements across open source ecosystems"

Joe Fay February 12, 2024

cyberattack

News

Hack back: US disconnects Volt Typhoon

"This actor is not doing the quiet intelligence collection and theft of secrets... they can disrupt major services if, and when, the order comes down,"

Azania Imtiaz Patel January 30, 2024

CISA's going to name and shame vendors on insecure software

cybersecurity

News

CISA's going to name and shame vendors on insecure software

"When we see a vulnerability or intrusion campaign that could have been reasonably avoided if the software manufacturer had aligned to secure by design principles, we’ll call it out"

Edward Targett November 30, 2023

News

cybercrime

Ivanti and Veeam bugs fall under attack

CISA has sounded the alarm over a pair of actively targeted vulnerabilities in Ivanti and Veeam software

Shaun Nichols August 25, 2023

Interviews

cybersecurity

Big Interview

The Big Interview: CISA’s $7 billion CDM program aims to run pan-federal cybersecurity. Is it delivering?

"We have gotten very smart on how to do business with agencies and build in flexibility into our contracting vehicles. We took an approach early on to divide and conquer..."

Edward Targett August 21, 2023

NetScaler vulnerability, CVE-2023-3519 IOCs

Citrix

vulnerabilities

News

Citrix zero day used to attack critical infrastructure -- IOCs and detections now available

Attackers dropped a webshell, collected and exfiltrated Active Directory data, then ran into some healthy obstacles...

Edward Targett July 21, 2023

Missing vulnerabilities and threadbare staff: CISA ill-equipped to support on OT security: Watchdog

US gov tells software suppliers exactly how it wants them to develop secure code

How secure is your package repo? CISA defines four levels of security maturity, starting at zero

Hack back: US disconnects Volt Typhoon

CISA's going to name and shame vendors on insecure software

Ivanti and Veeam bugs fall under attack

The Big Interview: CISA’s $7 billion CDM program aims to run pan-federal cybersecurity. Is it delivering?

Citrix zero day used to attack critical infrastructure -- IOCs and detections now available