Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online CISA calls for 'fundamental, security-focused reforms' to happen ASAP, delaying work on other software Security 03 Apr 2024 | 40
Uncle Sam's had it up to here with 'unforgivable' SQL injection flaws Software slackers urged to up their game Security 26 Mar 2024 | 66
NVD slowdown leaves thousands of vulnerabilities without analysis data Opinion Security world reacts as NIST does a lot less of oft criticized, 'almost always thankless' work Security 22 Mar 2024 | 5
FBI v the bots: Feds urge denial-of-service defense after critical infrastructure alert You better watch out, you better not cry, better not pout, they're telling you why Security 21 Mar 2024 | 4
Microsoft reseller Bytes says more than 100 undisclosed share trades linked to ex-CEO Surprise resignation of chief exec happened after FCA probe began, claims filing Channel 18 Mar 2024 | 12
Biden's budget proposal boosts CISA funding to $3B Plus almost $1.5b for health-care cybersecurity Security 12 Mar 2024 | 5
Securing open source software: Whose job is it, anyway? CISA announces more help, and calls on app makers to step up CSO 08 Mar 2024 | 21
LockBit's contested claim of fresh ransom payment suggests it's been well hobbled Infosec in brief ALSO: CISA warns Ivanti vuln mitigations might not work, SAML hijack doesn't need ADFS, and crit vulns Security 04 Mar 2024 | 1
IT suppliers hacked off with Uncle Sam's demands in aftermath of cyberattacks Plan says to hand over keys to networks – and report intrusions within eight hours of discovery Public Sector 08 Feb 2024 | 36
Biden will veto attempts to kill off SEC's security breach reporting rules Senate, House can try but won't make it past the Prez, says White House Security 01 Feb 2024 | 18
Wait, security courses aren't a requirement to graduate with a computer science degree? Comment And software makers seem to be OK with this, apparently CSO 26 Jan 2024 | 64
CISA boss swatted: 'While my own experience was certainly harrowing, it was unfortunately not unique' Election officials, judges, politicians, and gamers are in swatters' crosshairs Cyber-crime 23 Jan 2024 | 46
UK water giant admits attackers broke into system as gang holds it to ransom Comes mere months after Western intelligence agencies warned of attacks on water providers Cyber-crime 23 Jan 2024 | 35
Future of America's Cyber Safety Review Board hangs in balance amid calls for rethink Politics-busting, uber-transparent incident reviews require independence, less internal conflict Security 18 Jan 2024
Russia joins North Korea in sending state-sponsored cyber troops to pick on TeamCity users Updated National security and infosec authorities band together to help victims sniff out stealthy Russian baddies hiding in networks Cyber-crime 14 Dec 2023 | 1
Surprise! Email from personal.information.reveal@gmail.com is not going to contain good news Internet plod highlight tactics used by cruel Karakurt crime gang Cyber-crime 14 Dec 2023 | 33
US and EU infosec authorities pen intel-sharing pact As Cyber Solidarity Act edges closer to full adoption in Europe Cyber-crime 07 Dec 2023 | 2
A year on, CISA realizes debunked vuln actually a dud and removes it from must-patch list Apparently no one thought to check if this D-Link router 'issue' was actually exploitable Security 06 Dec 2023 | 6
CISA details twin attacks on federal servers via unpatched ColdFusion flaw Tardy IT admins likely to get a chilly reception over the lack of updates Security 05 Dec 2023 | 2
UK and US lead international efforts to raise AI security standards 17 countries agree to adopt vision for artificial intelligence security as fears mount over pace of development AI + ML 27 Nov 2023 | 13
Ransomware royale: US confirms Royal, BlackSuit are linked Royal alone scored $275M in past year as FBI, other agencies hot on merging trail Cyber-crime 14 Nov 2023 | 1
LockBit alleges it boarded Boeing, stole 'sensitive data' Security In Brief ALSO: CISA begs for a consistent budget, Las Vegas school breach; Nigeria arrests six cyber princes, the week's critical vulnerabilities Security 30 Oct 2023 | 3
US cybercops urge admins to patch amid ongoing Confluence chaos Do it now, no ifs or buts, says advisory Patches 17 Oct 2023 | 2
Regulator, insurers and customers all coming for Progress after MOVEit breach Infosec in brief Also, CISA cataloging new ransomware data points, 17k WP sites hijacked by malware in Sept., and more critical vulns Security 16 Oct 2023 | 3
CISA reveals 'Admin123' as top security threat in cyber sloppiness chart Calls for wider adoption of security-by-design principles continue to ring loudly from Uncle Sam Security 06 Oct 2023 | 8
CISA barred from coordinating with social media sites to police misinformation The 5th Circuit's re-ruling adds CISA to a list of alleged first-amendment violators. Next stop: Supreme Court Security 04 Oct 2023 | 30
CISA boss says US alliance with Ukraine over past year is closer than Five Eyes Black Hat And maybe shore up that critical infrastructure some more, America Black Hat and DEF CON 10 Aug 2023 | 14
Cyber-extortionists pillage Colorado education dept Hey, breacher, leave those kids alone Cyber-crime 08 Aug 2023 | 7
Five Eyes nations detail dirty dozen most exploited vulnerabilities Infosec in brief PLUS: FBI admits buying NSO spyware; "IT" company busted for drugs 'n guns biz; this week's critical vulns Security 07 Aug 2023 | 6
Prepare for plenty more pain from Ivanti's MDM flaws, warn cyber agencies Invaders already spent four or more months frolicking inside Norwegian government servers Patches 03 Aug 2023 | 7
Millions of people's data stolen because web devs forget to check access perms IDORs of the storm CSO 29 Jul 2023 | 39
Under CISA pressure collab, Microsoft makes cloud security logs available for free In hindsight, it's probably good practice to give clients access to cloud logs Cyber-crime 20 Jul 2023 | 7
LockBit louts unload ransomware at Japan’s most prolific cargo port Nagoya Harbor hit the rocks yesterday but looks to be afloat once more Black Hat and DEF CON 06 Jul 2023 | 1
It's 2023 and memory overwrite bugs are not just a thing, they're still number one Cough, cough, use Rust. Plus: Eight more exploited bugs added to CISA's must-patch list Research 29 Jun 2023 | 71
US government hit by Russia's Clop in MOVEit mass attack CISA chief tells us exploitation 'largely opportunistic', not on same level of SolarWinds CSO 15 Jun 2023 | 7
Online muggers make serious moves on unpatched Microsoft bugs Win32k and Visual Studio flaws are under attack Security 09 Jun 2023 | 3
Mirai botnet loves exploiting your unpatched TP-Link routers, CISA warns Oracle and Apache holes also on Uncle Sam's list of big bad abused bugs Patches 02 May 2023 | 1
Google adds account sync for Authenticator, without E2EE in brief Also: Your Salesforce Community site might be leaking; a new CPU side-channel; and this week's critical vulns Security 01 May 2023 | 7
Menaced by miscreants, critical infrastructure needs a good ETHOS. Ah, here's one RSA Conference 2023 OT firms construct handy early-warning info-sharing system Spotlight on RSA 25 Apr 2023 | 5
US cyber chiefs warn AI will help crooks, China develop nastier cyberattacks faster It's not all doom and gloom because ML also amplifies defensive efforts, probably CSO 12 Apr 2023 | 15
40% of IT security pros say they've been told not to report a data leak In Brief Plus: KFC, Pizza Hut owner spills more beans on ransomware hit... latest critical flaws... and more Cyber-crime 11 Apr 2023 | 16
It's this easy to seize control of someone's Nexx 'smart' home plugs, garage doors Netizens urged to disconnect kit after 40,000-plus devices found riddled with dumb bugs Security 07 Apr 2023 | 41
CISA unleashes Untitled Goose Tool to honk at danger in Microsoft's cloud Not a headline we expected to write today CSO 24 Mar 2023 | 11
Critical infrastructure gear is full of flaws, but hey, at least it's certified Security researchers find bugs, big and small, in every industrial box probed CSO 23 Mar 2023 | 20
CISA joins forces with Women in CyberSecurity to break up the boy's club in brief Also, the FBI just admitted to bypassing warrants by buying cellphone location data, and this week's actionable items Security 13 Mar 2023 | 16
EPA orders US states to check cyber security of public water supplies Don’t let miscreants poison the wells Security 06 Mar 2023 | 7
US cybersecurity chief: Software makers shouldn't lawyer their way out of security responsibilities SCSW Who apart from Microsoft is happy with the ship now, oh just fix it later approach? Security 28 Feb 2023 | 32
ESXiArgs ransomware fights off Team America's data recovery script Want a clue to what you’re dealing with? Check the ransom note Security 16 Feb 2023 | 1
Among the thousands of ESXiArgs ransomware victims? FBI and CISA to the rescue Evil code hits more than 3,800 servers globally, according to the Feds Security 08 Feb 2023 | 1
CISA sends schools back to the classroom on security Oy, teacher, protect those kids online Government Tech Week 25 Jan 2023 | 1
Homeland Security, CISA builds AI-based cybersecurity analytics sandbox High-spec system is crucial to defending against the latest threats Government Tech Week 10 Jan 2023 | 5
FBI warns about Cuba, no, not that one — the ransomware gang Critical infrastructure attacks ramping up Security 02 Dec 2022 | 1
US military goes zero-trust on software CISA updates security framework, tech industry calls it 'confusing' Software 23 Nov 2022 | 13
LockBit suspect cuffed after ransomware forces emergency services to use pen and paper In Brief Plus: CISA has a flowchart for patching, privacy campaign goes after face search engine Cyber-crime 12 Nov 2022 | 13
Biden now wants to toughen up chemical sector's cybersecurity Control panels facing the internet? Data stolen? You gotta keep an ion this stuff CSO 27 Oct 2022 | 6
Alert: This ransomware preys on healthcare orgs via weak-ass VPN servers FBI, CISA warn of Daixin gang after OakBend Medical Center hit Cyber-crime 24 Oct 2022 | 1
CISA warns of security holes in industrial Advantech, Hitachi kit When we concede that everything has bugs, we wish it wasn't quite everything Patches 20 Oct 2022 | 2
It’s 2022 and netizens are only now getting serious about cybersecurity US folks start to get the message about protecting themselves online Security 10 Oct 2022 | 12
Foreign spies hijacking US mid-terms? FBI, CISA are cool as cucumbers about it I think we can handle one little Russia. We sent two units, they're bringing any attempts down now Security 06 Oct 2022 | 40
Cyber-snoops broke into US military contractor, stole data, hid for months Tell us it’s Russia without telling us it’s Russia Security 05 Oct 2022 | 14
Uncle Sam orders federal agencies to step up scans for govt IT security holes Good time to be selling automation tools Security 04 Oct 2022 | 2
Atlassian, Microsoft bugs on CISA’s must-patch list after exploitation spree Some days, security just feels like a total illusion. OK, most days... Patches 04 Oct 2022 | 7