Secure by Design Alert: Eliminating SQL Injection Vulnerabilities in Software | CISA (www.cisa.gov)
Understanding and Responding to Distributed Denial-Of-Service Attacks | CISA (www.cisa.gov)
CISA, FBI, and MS-ISAC updated their DDoS guide, adding insights on Volumetric, Protocol, and Application attacks, aiding IT leaders and executives in defense strategies.
Chirp Systems controls access to about 50K apartment doors in the US. Last week the CISA published a low-skill exploit (www.cisa.gov)
CISA Announces New Efforts to Help Secure Open Source Ecosystem (www.cisa.gov)
FBI, CISA Release IoCs for Phobos Ransomware (www.cisa.gov)
The FBI and CISA have detailed Phobos ransomware deployment tactics in an advisory, part of a stop-ransomware initiative with MS-ISAC. Phobos, a ransomware-as-a-service since 2019, gains access via phishing, exploits RDP ports, and escalates privileges using Windows functions. It establishes persistence, exfiltrates data for...
Updated: Top Cyber Actions for Securing Water Systems | CISA (www.cisa.gov)
CISA and Partners Release Advisory on PRC-sponsored Volt Typhoon Activity and Supplemental Living Off the Land Guidance | CISA (www.cisa.gov)
We Must Consider Software Developers a Key Part of the Cybersecurity Workforce (www.cisa.gov)
CISA's "Secure by Design" alert urges manufacturers to eliminate default passwords (www.cisa.gov)
CISA has published guidance on how manufacturers can protect customers by eliminating default passwords. The guidance, which is part of the Secure by Design (SbD) Alert series, emphasizes taking ownership of customer security outcomes and building an organizational structure and a...
Security agencies of US, UK, Canada, Australia and New Zealand urge industry to migrate away from memory-unsafe languages to safe ones (such as Rust) (www.cisa.gov)
From the conclusion:...
NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations (www.cisa.gov)
Through NSA and CISA Red and Blue team assessments, as well as through the activities of NSA and CISA Hunt and Incident Response teams, the agencies identified the following 10 most common network misconfigurations:...
NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations (www.cisa.gov)
EXECUTIVE SUMMARY...
NSA, FBI, and CISA Release Cybersecurity Information Sheet on Deepfake Threats (www.cisa.gov)
Open Source Software Must Start with Secure Code | CISA (www.cisa.gov)
CISA highlights the importance of open source software and our efforts to help secure it.
The Urgent Need for Memory Safety in Software Products (www.cisa.gov)
Vulnerability Summary for the Week of August 14, 2023 (www.cisa.gov)
2022 Top Routinely Exploited Vulnerabilities | CISA (www.cisa.gov)
Top 12 Routinely Exploited Vulnerabilities in 2022...
Progress Software Releases Service Pack for MOVEit Transfer Vulnerabilities | CISA (www.cisa.gov)
DoS and DDoS Attacks against Multiple Sectors (www.cisa.gov)
CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability (www.cisa.gov)
Cisco Releases Security Advisories for Multiple Products | CISA (www.cisa.gov)
Joint Guidance On Identifying and Mitigating 'Living Off the Land Techniques' (www.cisa.gov)
A global alliance of agencies published a guide on how to protect against Living Off The Land (LOTL), a covert cyberattack technique in which attackers carry out malicious activities using legitimate IT administration tools....