CISA fires, now rehires and immediately benches security crew on full pay DOGE efficiency in action Public Sector | 18 Mar 2025 | 46
FCC stands up Council on National Security to fight China in ways that CISA used to Infosec In Brief PLUS: Alleged Garantex admin arrested in India; Google deletes more North Korean malware Security | 16 Mar 2025 | 6
CISA: We didn't fire red teams, we just unhired a bunch of them Agency tries to save face as it also pulls essential funding for election security initiatives Security | 13 Mar 2025 | 28
Medusa ransomware affiliate tried triple extortion scam – up from the usual double demand Feds warn gang still rampant and now cracked 300+ victims around the world Cyber-crime | 13 Mar 2025 | 4
CISA pen-tester says 100-strong red team binned after DOGE canceled contract Updated Election infosec advisory center also shuttered Public Sector | 12 Mar 2025 | 160
So … Russia no longer a cyber threat to America? Comment Mixed messages from Pentagon, CISA as Trump gets pally with Putin and Kremlin strikes US critical networks Public Sector | 04 Mar 2025 | 218
200-plus impressively convincing GitHub repos are serving up malware Infosec bytes Plus: DOGE staff quit; LastPass PC, Mac gasp; and CISA warns Oracle and Adobe flaws under attack Security | 26 Feb 2025 | 9
Incoming deputy boss of Homeland Security says America's top cyber-agency needs to be reined in Plus: New figurehead of DOGE emerges and they aren't called Elon Public Sector | 26 Feb 2025 | 37
Ghost ransomware crew continues to haunt IT depts with scarily bad infosec FBI and CISA issue reminder - deep sigh - about the importance of patching and backups Ransomware in Focus | 20 Feb 2025 | 7
Time to make C the COBOL of this century Opinion Lions juggling chainsaws are fun to watch, but you wouldn't want them trimming your trees CSO | 18 Feb 2025 | 222
Feds want devs to stop coding 'unforgivable' buffer overflow vulnerabilities FBI, CISA harrumph at Microsoft and VMware in call for coders to quit baking avoidable defects into stuff CSO | 13 Feb 2025 | 75
Dems want answers on national security risks posed by hiring freeze, DOGE probes Updated Are cybersecurity roles included? Are Elon's enforcers vetted? Inquiring minds want to know Security | 06 Feb 2025 | 35
US freezes foreign aid, halting cybersecurity defense and policy funds for allies Updated Uncle Sam will 'no longer blindly dole out money,' State Dept says Public Sector | 27 Jan 2025 | 86
Infosec was literally the last item in Trump's policy plan, yet major changes are likely on his watch Feature Everyone agrees defense matters. How to do it is up for debate CSO | 22 Jan 2025 | 20
CISA: Wow, that election had a lot of foreign trolling. Trump's Homeland Sec pick: And that's none of your concern Cyber agency too 'far off mission,' says incoming boss Kristi Noem Public Sector | 18 Jan 2025 | 81
Biden signs sweeping cybersecurity order, just in time for Trump to gut it Analysis Ransomware, AI, secure software, digital IDs – there's something for everyone in the presidential directive Public Sector | 17 Jan 2025 | 40
China's Salt Typhoon spies spotted on US govt networks before telcos, CISA boss says We are only seeing 'the tip of the iceberg,' Easterly warns Security | 15 Jan 2025 | 11
Mitel 0-day, 5-year-old Oracle RCE bug under active exploit 3 CVEs added to CISA's catalog Security | 08 Jan 2025 | 4
Ransomware scum blow holes in Cleo software patches, Cl0p (sort of) claims responsibility But can you really take crims at their word? Security | 16 Dec 2024 | 1
T-Mobile US CSO: Spies jumped from one telco to another in a way 'I've not seen in my career' Interview Security chief talks to El Reg as Feds urge everyone to use encrypted chat CSO | 05 Dec 2024 | 54
Trump taps border hawk to head DHS. Will Noem's 'enthusiasm' extend to digital domain? Analysis Meanwhile, CISA chief Jen Easterly will step down prior to inauguration Public Sector | 23 Nov 2024 | 41
Here's what happens if you don't layer network security – or remove unused web shells TL;DR: Attackers will break in and pwn you, as a US government red team demonstrated Security | 22 Nov 2024 | 4
Reminder: China-backed crews compromised 'multiple' US telcos in 'significant cyber espionage campaign' Updated Feds don't name Salt Typhoon, but describe Beijing band's alleged deeds Research | 14 Nov 2024 | 5
ShrinkLocker ransomware scrambled your files? Free decryption tool to the rescue Plus: CISA's ScubaGear dives deep to fix M365 misconfigs CSO | 14 Nov 2024 | 2
The US government wants developers to stop using C and C++ Opinion Does anyone want to tell Linus Torvalds? No? I didn't think so Software | 08 Nov 2024 | 233
FortiManager critical vulnerability under active attack Updated Security shop and CISA urge rapid action Cybersecurity Month | 23 Oct 2024 | 7
Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch Plus, a POC to make it extra easy for attackers Security | 23 Oct 2024
Critical hardcoded SolarWinds credential now exploited in the wild Another blow for IT software house and its customers Security | 16 Oct 2024 | 23
Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing Poor use of PHP include() strikes again Cybersecurity Month | 02 Oct 2024 | 4
Extracting vendor promises won't fix cybersecurity. Extracting teeth might Opinion One branch of tech has learned to work together to solve the near-impossible. Now it's our turn Applications | 30 Sep 2024 | 43
10 nasty software bugs put thousands of fuel storage tanks at risk of cyberattacks Thousands of devices remain vulnerable, US most exposed to the threat Security | 24 Sep 2024 | 18
Ivanti patches exploited admin command execution flaw Fears over chained attacks affecting EOL product Patches | 20 Sep 2024 | 8
CISA boss: Makers of insecure software must stop enabling today's cyber villains Write better code, urges Jen Easterly. And while you're at it, give crime gangs horrible names like 'Evil Ferret' Software | 20 Sep 2024 | 93
Check your IP cameras: There's a new Mirai botnet on the rise Infosec in brief Also, US offering $2.5M for Belarusian hacker, Backpage kingpins jailed, additional MOVEit victims, and more Security | 31 Aug 2024 | 22
RansomHub hits 210 victims in just 6 months The ransomware gang recruits high-profile affiliates from LockBit and ALPHV Cyber-crime | 30 Aug 2024
Iran named as source of Trump campaign phish, leaks Political stirrer Roger Stone may have been a weak link after personal emails cracked Security | 20 Aug 2024 | 40
US elections have never been more secure, says CISA chief Black Hat Election tech is fine – it's all those idiots buying into the propaganda that's worrying Jen Easterly Security | 08 Aug 2024 | 45
FBI, CISA remind US voters that DDoS attacks can't touch election systems PSA comes amid multiple IT services crises in recent days Cyber-crime | 01 Aug 2024 | 16
CISA broke into a US federal agency, and no one noticed for a full 5 months Red team exercise revealed a score of security fails Security | 12 Jul 2024 | 21
CISA director: US is 'not afraid' to shout about Big Tech's security failings Jen Easterly hopes CSRB's Microsoft report won't impede future private sector collaboration CSO | 01 Jul 2024 | 12
CISA says crooks used Ivanti bugs to snoop around high-risk chemical facilities Crafty crims broke in but encryption stopped any nastiness Cyber-crime | 25 Jun 2024 | 3
7-year-old Oracle WebLogic bug under active exploitation Experts say Big Red will probably re-release patch in an upcoming cycle Malware Month | 06 Jun 2024 | 6
RSA Conference 2024: The good, the bad, and the downright worrying Kettle If there's one thing infosec needs right now, it's a little pick-me-up Spotlight on RSA | 14 May 2024 | 3
Uncle Sam urges action after Black Basta ransomware infects Ascension Emergency ambulances diverted while techies restore systems Cyber-crime | 13 May 2024 | 5
Critical infrastructure security will stay poor until everyone pulls together Interview Claroty CEO Yaniv Vardi tells us what's needed to defend vital networks Public Sector | 11 May 2024 | 12
68 tech names sign CISA's secure-by-design pledge RSAC Security's an uphill battle ... does this latest move have teeth? Spotlight on RSA | 09 May 2024 | 14
CISA boss: Secure code is the 'only way to make ransomware a shocking anomaly' RSAC And it would seriously inconvenience the Chinese and Russians, too Spotlight on RSA | 08 May 2024 | 58
CISA's early-warning system helped critical orgs close 852 ransomware holes Interview In the first year alone, that's saved us all a lot of money and woe Spotlight on RSA | 07 May 2024 | 3
The truth about KEV: CISA’s vuln deadlines good influence on private-sector patching More work to do as most deadlines are missed and worst bugs still take months to fix Patches | 07 May 2024
CISA says 'no more' to decades-old directory traversal bugs Recent attacks on healthcare thrust infosec agency into alert mode CSO | 06 May 2024 | 13
Federal frenzy to patch gaping GitLab account takeover hole Warning comes exactly a year after the vulnerability was introduced Cyber-crime | 02 May 2024 | 8
Psst, hey. It's the NSA. You want some AI security advice? You can trust us, we're the good guys AI + ML | 17 Apr 2024 | 2
CISA in a flap as Chirp smart door locks can be trivially unlocked remotely Hard-coded credentials last thing you want in home security app Security | 15 Apr 2024 | 49
Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online CISA calls for 'fundamental, security-focused reforms' to happen ASAP, delaying work on other software Security | 03 Apr 2024 | 40
Uncle Sam's had it up to here with 'unforgivable' SQL injection flaws Software slackers urged to up their game Security | 26 Mar 2024 | 66
NVD slowdown leaves thousands of vulnerabilities without analysis data Opinion Security world reacts as NIST does a lot less of oft criticized, 'almost always thankless' work Security | 22 Mar 2024 | 5
FBI v the bots: Feds urge denial-of-service defense after critical infrastructure alert You better watch out, you better not cry, better not pout, they're telling you why Security | 21 Mar 2024 | 4
Microsoft reseller Bytes says more than 100 undisclosed share trades linked to ex-CEO Surprise resignation of chief exec happened after FCA probe began, claims filing Channel | 18 Mar 2024 | 12
Biden's budget proposal boosts CISA funding to $3B Plus almost $1.5b for health-care cybersecurity Security | 12 Mar 2024 | 5
Securing open source software: Whose job is it, anyway? CISA announces more help, and calls on app makers to step up CSO | 08 Mar 2024 | 21
LockBit's contested claim of fresh ransom payment suggests it's been well hobbled Infosec in brief ALSO: CISA warns Ivanti vuln mitigations might not work, SAML hijack doesn't need ADFS, and crit vulns Security | 04 Mar 2024 | 1
IT suppliers hacked off with Uncle Sam's demands in aftermath of cyberattacks Plan says to hand over keys to networks – and report intrusions within eight hours of discovery Public Sector | 08 Feb 2024 | 36