Ongoing Cyber Threats to U.S. Water and Wastewater Systems

This joint advisory is the result of analytic efforts between the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Agency (CISA), the Environmental Protection Agency (EPA), and the National Security Agency (NSA) to highlight ongoing malicious cyber activity—by both Read More …

NSA-CISA Guidance: Selecting and Hardening Remote Access VPN Solutions

Virtual Private Networks (VPNs) allow users to remotely connect to a corporate network via a secure tunnel. Through this tunnel, users can take advantage of the internal services and protections normally offered to on-site users, such as email/collaboration tools, sensitive Read More …

CISA, FBI, and NSA Release Conti Ransomware Advisory To Help Organizations Reduce Risk Of Attack

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) published a cybersecurity advisory today regarding increased Conti ransomware cyberattacks. The advisory includes technical details on the threat and mitigation steps Read More …

CISA: Sharing Information To Get Ahead Of Supply Chain Risks

The increase in digitization and use of information and communications technology (ICT) has improved ability of many companies to provide National Critical Functions. ICT enables access to real-time information, remote entry to networks, instant communication, and so much more. At Read More …

APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus

This joint advisory is the result of analytic efforts between the Federal Bureau of Investigation (FBI), United States Coast Guard Cyber Command (CGCYBER), and the Cybersecurity and Infrastructure Security Agency (CISA) to highlight the cyber threat associated with active exploitation Read More …

Cisco Releases Security Updates for Cisco Enterprise NFVIS

Cisco has released security updates to address a critical vulnerability affecting Cisco Enterprise Network Function Virtualization Infrastructure Software (NFVIS) Release 4.5.1. A remote attacker could exploit this vulnerability to take control of an affected system. For updates addressing lower severity Read More …

Ransomware Awareness for Holidays and Weekends

CISA and the FBI have released an advisory warning of potential cyberattacks that may occur over the coming Labor Day weekend, noting that in recent years hackers have launched dozens of devastating attacks on long weekends. They urged organizations to Read More …

CISA Alert: BadAlloc Vulnerability Affecting BlackBerry QNX RTOS

On August 17, 2021, BlackBerry publicly disclosed that its QNX Real Time Operating System (RTOS) is affected by a BadAlloc vulnerability—CVE-2021-22156. BadAlloc is a collection of vulnerabilities affecting multiple RTOSs and supporting libraries.[1] A remote attacker could exploit CVE-2021-22156 to Read More …

NSA, CISA release Kubernetes Hardening Guidance

FORT MEADE, Md. – The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Technical Report, “Kubernetes Hardening Guidance,” today. This report details threats to Kubernetes environments and provides configuration guidance to minimize risk. Read More …

CISA announces new vulnerability disclosure policy (VDP) platform

Last fall, CISA issued the final version of Binding Operational Directive (BOD 20-01), which was issued in support of the Office of Management and Budget M-20-32, “Improving Vulnerability Identification, Management, and Remediation”. This Directive reflects CISA’s commitment to strengthening cybersecurity Read More …