Displaying items by tag: CISA

On Jan. 30, The Cybersecurity Infrastructure & Security Agency (CISA) released an alert, complemented by a notification from the US FDA suggesting that the Contec CMS8000 patient monitor and OEM white-label variants contain a backdoor communicating to a Chinese IP address.

The Cybersecurity and Infrastructure Security Agency (CISA), NSA, FBI and "international partners" have jointly published a guide that details best practices for defence against cyber attacks perpetrated by Chinese state actors.

COMPANY NEWS: Delinea, a leading provider of solutions that seamlessly extend Privileged Access Management (PAM), today announced industry-first innovation to protect organisations from threats in the post-quantum computing era with the availability of quantum-safe encryption of secrets and credentials on the Delinea Platform.

COMPANY NEWS: Tenable, the exposure management company, today announced the release of Tenable One for OT/IoT. It is the first and only exposure management platform that provides holistic visibility into assets across IT and operational technology (OT) environments.

GUEST OPINION: The number of attacks targeting web applications and application programming interfaces (APIs) has increased significantly. Barracuda mitigated more than 18 billion attacks against applications during 2023, including 1.716 billion in December alone.

GUEST OPINION: 28 January is Data Privacy Day — known as Data Protection Day in Europe. Data privacy is about deciding who may have access to what information, while data protection is about safeguarding that information. A data breach blows both out of the water.

GUEST RESEARCH: WatchGuard Technologies, a global leader in unified cybersecurity, today announced the findings of its latest Internet Security Report, detailing the top malware trends and network and endpoint security threats analysed by WatchGuard Threat Lab researchers. Key findings from the data show increasing instances of remote access software abuse, the rise of cyber adversaries using password-stealers and info-stealers to thieve valuable credentials, and threat actors pivoting from utilising scripting to employing other living-off-the-land techniques to initiate an endpoint attack.

In what can only be described as poor-quality spin, the US Government"s Cybersecurity and Infrastructure Security Agency has made much of the fact that former hacker Mudge will be joining the agency in a part-time capacity. [The word hacker is used here in its original meaning: someone who plays around with code.]

Industrial cyber security firm Dragos, acting in concert with with the US Government, has worked to help mitigate a number of vulnerabilities in select communications modules manufactured by industrial security vendor Rockwell Automation.

The ‘covered list’ contains equipment and services deemed to pose an unacceptable risk to the national security of the United States and should be removed from any government infrastructure.

GUEST OPINION: Information and security professionals face the uncomfortable and bleak reality that ransomware will only get worse in 2022: increasing in its sophistication, frequency, and volume. Ransomware continues to be aided by the consistent disruption caused by the pandemic, the adoption of new technologies that increase data generation and information sharing, and the ongoing remote working by millions who are based outside the perimeter defences of their office’s network.

GUEST RESEARCH: White-hat researchers, including Claroty’s Team82, have made relatively quick work of finding vulnerabilities in the software, firmware, and communication protocols governing devices that keep shop floors running, the lights on, the water clean, and fuel pumped from refineries to homes around the world.

An FBI portal was breached by an unknown individual who sent out bogus warning emails to numerous people, and blamed a third party for the act.

COMPANY NEWS:  ExtraHop, the leader in cloud-native network detection and response (NDR) has expanded decryption support for Microsoft authentication and application protocols, providing high-fidelity detection of malicious activity associated with nearly two-thirds of the most exploited network protocols.

At least five US Government agencies have been breached in the latest attack aimed at the government, an official at the Cybersecurity and Infrastructure Security Agency says.

A recent advisory from the combined "Five Eyes" security agencies shows the attitudes by security authorities in relation to various forms of malware are changing.

US federal agencies were given until midnight on Monday (2pm Tuesday AEDT) to patch a critical hole in Windows that has been called Zerologon and submit a report about it to the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency by midnight on Wednesday.