Cybersecurity and Infrastructure Security Agency

Alert: This ransomware preys on healthcare orgs via weak-ass VPN servers

FBI, CISA warn of Daixin gang after OakBend Medical Center hit

Cyber-crime24 Oct 2022 | 1

CISA warns of security holes in industrial Advantech, Hitachi kit

When we concede that everything has bugs, we wish it wasn't quite everything

Patches20 Oct 2022 | 2

It’s 2022 and netizens are only now getting serious about cybersecurity

US folks start to get the message about protecting themselves online

Security10 Oct 2022 | 12

Foreign spies hijacking US mid-terms? FBI, CISA are cool as cucumbers about it

I think we can handle one little Russia. We sent two units, they're bringing any attempts down now

Security06 Oct 2022 | 40

Cyber-snoops broke into US military contractor, stole data, hid for months

Tell us it’s Russia without telling us it’s Russia

Security05 Oct 2022 | 14

Uncle Sam orders federal agencies to step up scans for govt IT security holes

Good time to be selling automation tools

Security04 Oct 2022 | 2

Atlassian, Microsoft bugs on CISA’s must-patch list after exploitation spree

Some days, security just feels like a total illusion. OK, most days...

Patches04 Oct 2022 | 7

National Cybersecurity Awareness program 18 years on: Don't click that

Technology is addressing many of the cyberthreats, but the human element will always be a factor

Security03 Oct 2022 | 3

US school year opens with reading, writing, and ransomware

FBI warns that Vice Society threat group is ramping up attacks on the education sector

Cyber-crime07 Sep 2022 | 8

Microsoft: The deadline to get off Basic Auth is approaching

Exchange Online face Halloween deadline

OSes05 Sep 2022 | 50

80,000 internet-connected cameras still vulnerable after critical patch offered

Just more IoT conscripts for the botnet armies

Patches24 Aug 2022 | 15

If you haven't patched Zimbra holes by now, assume you're toast

Here's how to detect an intrusion via vulnerable email systems

Patches23 Aug 2022 |

US reveals 'Target' pic of Conti man with $10m reward offer

Fashion Police chipping in on the bounty related to costliest strain of ransomware on record

Security12 Aug 2022 | 6

Maui ransomware linked to North Korean group Andariel

Attack origins point to April 2021 first strike on Japanese target

Security10 Aug 2022 | 1

DuckDuckGo says Hell, Hell, No to those Microsoft trackers after web revolt

In brief Plus: That Twitter privacy leak, scammers send Ubers for victims, critical flaw in Cisco gear, and more

Security06 Aug 2022 | 38

US puts $10 million bounty on North Korean cyber-crews

Kim will be shaking in his shoes

Security27 Jul 2022 | 7

Security flaws in GPS trackers can be abused to cut off fuel to vehicles, CISA warns

About '1.5 million' folks and organizations use these gadgets

Security19 Jul 2022 | 29

Start using Modern Auth now for Exchange Online

Before Microsoft shutters basic logins in a few months

CSO29 Jun 2022 | 28

Don't ditch PowerShell to improve security, say infosec agencies from UK, US, and NZ

Use it sensibly instead – which means turning on the useful bits Microsoft doesn't enable by default

Security23 Jun 2022 | 20

OpenInfra Foundation talks about Directed Funding model for open source projects

OpenInfra Berlin Notes rise of 'pay to play' where companies try to buy way into governance – and says this is not that

PaaS + IaaS14 Jun 2022 |

Beijing-backed baddies target unpatched networking kit to attack telcos

NSA, FBI and CISA issue joint advisory that suggests China hardly has to work for this – flaws revealed in 2017 are among their entry points

Security08 Jun 2022 | 3

US cyber chiefs: Moving to Shields Down isn't gonna happen

RSA Conference Promises new alert notices but warn 'we can sometimes predict thunderstorms but not lightning strikes'

CSO08 Jun 2022 | 6

FBI, CISA: Don't get caught in Karakurt's extortion web

Is this gang some sort of Conti side hustle? The answer may be yes

CSO03 Jun 2022 | 7

Talos names eight deadly sins in widely used industrial software

Entire swaths of gear relies on vulnerability-laden Open Automation Software (OAS)

Patches27 May 2022 | 6

Patch your VMware gear now – or yank it out, Uncle Sam tells federal agencies

Critical authentication bypass revealed, older flaws under active attack

CSO19 May 2022 | 6

Software patching must work like car safety recalls, says US cyber boss

Black Hat Asia Adds infosec regulation coming to more industries but with a light touch, more collaboration

CSO13 May 2022 | 30

Data-wiper malware strains surge as Ukraine battles ongoing invasion

Besides files being erased, another thing being deleted: Any sense this is a coincidence

Research29 Apr 2022 | 11

Five Eyes nations reveal 2021's fifteen most-exploited flaws

Malicious cyber actors go after 2021's biggest misses, spend less time on the classics

Security28 Apr 2022 | 10

Five Eyes nations fear wave of Russian attacks against critical infrastructure

If this is surprising to operators, we are doomed

Cyber-crime21 Apr 2022 | 25

US warns North Korean Lazarus gang rising against cryptocurrency outfits

Malware-laced recruitment emails are more Kim job ill than Kim Jong-un

Security20 Apr 2022 | 5

Threat group builds custom malware to attack industrial systems

US security agencies say the tools can give hackers control of ICS and SCADA devices

Security14 Apr 2022 | 8

Microsoft dogs Strontium domains to stop attacks on Ukraine

Software giant sinkholes systems used by Russian gang

Security08 Apr 2022 | 33

China accused of cyberattacks on Indian power grid

Beijing may have had a hand in attacks in Ukraine, too

Security08 Apr 2022 | 24

Russia-linked attackers breach NGO by exploiting MFA, PrintNightmare vuln

Patch flaws and enforce authentication policies, CISA and FBI warn

Security16 Mar 2022 | 3

Analysis of leaked Conti files blows lid off ransomware gang

Not only is this payback sweet, it gives network defenders valuable intelligence

Security11 Mar 2022 | 21

China-linked malware targeted secure networks in 'multiple governments'

'Daxin' malware creates backdoors and may have been used since 2013

Security01 Mar 2022 | 3

CISA publishes list of free security tools for business protection

Agency quiet on the selection criteria but at least the price is right

Security18 Feb 2022 | 6

Russia 'stole US defense data' from IT systems

Clearly no need for leet zero-day hax when you can spearphish and exploit months-old vulnerabilities

Security17 Feb 2022 | 35

US govt: Here are another 15 security bugs under attack right now

Best plug HiveNightmare if you haven't already, unless you like new admins

Security11 Feb 2022 | 10

Sniff those Ukrainian emails a little more carefully, advises Uncle Sam in wake of Belarusian digital vandalism

NotPetya started over there, don't forget

Security19 Jan 2022 | 4

As CISA tells US govt agencies to squash Log4j bug by Dec 24, fingers start pointing at China, Iran, others

Microsoft says cyber-spies linked to Beijing, Tehran are getting busy with security flaw along with world + dog

Security15 Dec 2021 | 11

BlackMatter ransomware gang will target agriculture for its next harvest – Uncle Sam

What was that about hackable tractors?

Security19 Oct 2021 | 3

America enlists Big Tech to help it develop and execute cyber security plans

Players in ‘Joint Cyber Defense Collaborative’ include Microsoft, AWS, and Google

Security06 Aug 2021 | 14

Here's a list of the flaws Russia, China, Iran and pals exploit most often, say Five Eyes infosec agencies

And you've patched them all, haven't you, diligent readers?

Security29 Jul 2021 | 21

Biden said to be assembling cyber dream team to sort out US govt computer security

With a little $10bn package proposed to help them on their way

Security25 Jan 2021 | 14

SolarWinds mess that flared in the holidays: Biz confirms malware targeted crocked Orion product

CISA flags ‘further hardening’ advice as Microsoft reveals internal account compromises

Security04 Jan 2021 | 9

US nuke agency hacked by suspected Russian SolarWinds spies, Microsoft also installed backdoor

Windows giant, nuclear administration play down danger – and kill switch found and activated

Security18 Dec 2020 | 86

Trump fires cybersecurity boss Chris Krebs for doing his job: Securing the election and telling the truth about it

Terminated by presidential tweet that piled on the baseless election-rigging allegations CISA director sought to counter

Security18 Nov 2020 | 224

Is it Iran or Russia's hackers we need to worry about? The Russians, definitely the Russians, says US intelligence

Energetic Bear team caught breaking into govt systems, no harm done to Nov 3 elections

Security22 Oct 2020 | 50

The seven deadly sins letting hackers hijack America's govt networks: These unpatched bugs leave systems open

'Unauthorized access to elections support systems' detected tho 'no evidence to date that integrity of elections data has been compromised'

Security12 Oct 2020 | 7

Want to set up a successful bug bounty? Make sure you write it for the flaw finders and not the lawyers

Plus: Experts talk voting machine security, 'warming' of relations with infosec community

Security08 Oct 2020 | 5

Big US election coming up, security is vital and, oh look... a federal agency just got completely pwned for real

Hacker had set up shop on network using stolen Office 365 accounts

Security25 Sep 2020 | 30

US cybersecurity agency issues super-rare emergency directive to patch Windows Server flaw ASAP

Government sysadmins given weekend to fix ZeroLogon elevation of privilege bug, rest of us given stern warning

Security21 Sep 2020 | 13

Data-stealing, password-harvesting, backdoor-opening QNAP NAS malware cruises along at 62,000 infections

If you're still using a vulnerable box, you ought to factory reset it before patching

Security27 Jul 2020 | 19

Psst.. You may want to patch this under-attack data-leaking Cisco bug – and these Ripple20 hijack flaws

In Brief Plus: US govt sounds the alarm on industrial equipment attacks

Security25 Jul 2020 | 4

Surprise surprise! Hostile states are hacking coronavirus vaccine research, warn UK and USA intelligence

Just ask us if you need help, urge NCSC and CISA

Security05 May 2020 | 48