The Record
The bug has caused alarm for weeks as cybersecurity experts warned that many government agencies and major companies were leaving their appliances exposed to the internet — opening themselves up to attacks.
The Record
The U.S. government is offering “cutting-edge cybersecurity shared services” to critical infrastructure organizations that need it most.
The Record
The Ukrainian military’s ability to recover from the Russian attack on satellite company Viasat is an example of the need for redundant systems and resilient organizations, according to a top U.S. government cybersecurity official.
The Record
Israel is experiencing direct cyber and misinformation attacks from a variety of adversaries as it battles Hamas, according to NSA’s Rob Joyce.
CyberSecurity Dive
The group, led by Tenable CEO Amit Yoran, raised concerns that significant cuts to the agency would undermine efforts to combat rising threats to critical infrastructure and federal systems.
CyberSecurity Dive
Microsoft researchers described Octo Tempest, or Oktapus, as one of the most dangerous financial criminal groups currently in operation.
The Record
A catalog of exploited vulnerabilities run by the top cybersecurity agency in the U.S. is having a significant effect on the security of federal civilian agencies, according to Congressional testimony from a senior official.
The Record
The Cybersecurity and Infrastructure Security Agency (CISA) is working with industry stakeholders and government agencies on a new version of the National Cyber Incident Response Plan (NCIRP) — the framework that outlines the country’s response to significant cyber incidents.
Bleeping Computer
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) revealed today the top ten most common cybersecurity misconfigurations discovered by their red and blue teams in the networks of large organizations.
Ars Technica
Adding fake watermarks to real images, evading current watermarking methods is not hard.
CyberSecurity Dive
The cloud giant will start requiring users with the highest level of privileges to use MFA starting in mid-2024. Google, in response, said it will mandate MFA for certain accounts this year.
The Record
A sophisticated hacking group tied to the government of China is exploiting routers in attacks on a variety of organizations, cybersecurity agencies in the United States and Japan warned.
Infosecurity News
New roadmap will cover Fiscal Year 2024-26
Infosecurity News
The open source tool will enable cyber teams to consistently test and boost the defenses of ICS environments
The Record
The Cybersecurity and Infrastructure Security Agency (CISA) has partnered with the nonprofit MITRE to develop a cyberattack emulation platform specifically for operational technology (OT) networks in an attempt to protect critical infrastructure.
The Record
A collaboration between the U.S.’s cybersecurity defense agency and private companies published its first plan to address security issues with remote monitoring and management (RMM) tools on Wednesday.
CyberSecurity Dive
Federal agencies put out a request for information Thursday, building on Biden administration priorities to help secure open source post-Log4j.
CyberSecurity Dive
Multiple hospitals in the system are still experiencing complications or closures as of Monday.
CyberSecurity Dive
The agency outlined a major push to recognize and respond to immediate cyberthreats and make secure development practices a priority.
Infosecurity News
The US’ leading cybersecurity agency calls for us to “embody the hacker spirit” in its latest strategic plan
CyberScoop
The list includes well-known vulnerabilities impacting Fortinet's VPNs and Log4Shell that hackers still routinely exploit.
Ars Technica
US agency urged Microsoft to expand access to logs that can identify cyberattacks.
Bleeping Computer
Microsoft is expanding access to additional cloud logging data for customers worldwide at no additional cost, allowing easier detection of breached networks and accounts.
CyberSecurity Dive
Federal officials and rivals blasted the company for charging customers for additional security features.
Trend Micro
Ongoing developments on this topic will be added to this thread. We invite you to bookmark this page and check back.
CyberScoop
The Cybersecurity and Infrastructure Security Agency said it's working with "several federal agencies" affected by a flaw in the file transfer software.
CyberScoop
CISA and the FBI offered details to help organizations protect themselves against the group that has claimed hundreds of victims.
DarkReading
As the second Kaminsky Fellow, Dr. Andrews will study the use of threat intelligence to track campaigns against the human rights community.
Infosecurity News
As tensions rise between China and Taiwan, US Government officials are keen to implement lessons learned from Ukraine’s cyberwar in preparation
Infosecurity News
Protecting the democratic process from cyber-criminals is a top priority for CISA over the next 18 months, ahead of the US General Election
Infosecurity News
The CISA and CNMF prevent a foreign-based cyber-criminal carrying out an attack on three US Federal Agencies
CSO
Top industrial cybersecurity competitors establish ETHOS, an early warning system that could help spot and avert damaging attacks on operational technology.
CyberSecurity Dive
The platform will provide a vendor-agnostic option for sharing early threat information and intelligence across industries, the group said Monday.
DarkReading
An agency team will identify vulnerabilities being exploited by ransomware groups and alert organizations ahead of attacks, CISA says.
Infosecurity News
The Agency will warn critical infrastructure entities to enable mitigation before an incident
CyberSecurity Dive
The agency already warned dozens of organizations about ProxyNotShell.
CyberSecurity Dive
The Joint Cyber Defense Collaborative dedicated its 2023 agenda to particularly vulnerable sectors and open source use in industrial systems.
CyberScoop
Advances in machine learning will make it cheaper and easier to carry out influence operations at scale.
The Record
Momentum is building around a recently created Biden administration task force meant to unite the federal government against ransomware.
CyberSecurity Dive
Fears of catastrophic cyberattacks have thus far failed to materialize. But federal authorities stress threat actors are playing the long game.
CyberSecurity Dive
The actors compromised a federal civilian agency, CISA and the FBI said. Authorities warned VMware users to assume breach and hunt for threats if they skipped patches or workarounds.
CyberSecurity Dive
Federal authorities want to take the guesswork and manual decision making processes out of the messy world of vulnerabilities.
Infosecurity News
Remediation efforts are prioritized based on exploitation status, safety impact and prevalence criteria
The Record
The Vice Society ransomware group has leaked a portion of the 500 GBs of data they stole from Los Angeles Unified School District last month.
CyberSecurity Dive
Most ICS technology was designed more than 20 years ago and built without cyber resilience, Idaho National Laboratory's Vergle Gipson said.
CyberSecurity Dive
Organizations can be unwilling to notify government officials when ransomware intrusions occur, but that simple act might prevent the next attack.
The Record
The U.S. government unveiled a slate of sanctions, charges and bounties related to a group of Iranian nationals accused of launching ransomware attacks in the U.S. and abroad.
The Record
CISA held its fourth Cybersecurity Advisory Committee meeting yesterday, kicking off the latest round of recommendations from cyber experts.
The Record
At a time when Vladimir Putin is attempting to redraw the Iron Curtain, we take a trip back to the Soviet Union circa 1985 when four American musicians smuggled messages in and out of the Soviet Union — with music. Plus, DefCon’s answer to those alien transmissions.
CyberSecurity Dive
The fix comes two weeks after the industry was forced to improvise with a workaround solution, while nation-state and criminal actors exploited the vulnerability.
CyberSecurity Dive
Attackers could take control of affected devices without need for authentication.
CSO
A joint proposal from federal cybersecurity and defense agencies defines a process for ensuring the security of 5G networks.
CyberSecurity Dive
More than 50 federal agencies expect to have EDR technology by the end of fiscal year.
CyberSecurity Dive
The malware initially targeted Schneider Electric and Omron controllers.
Ars Technica
The biggest hack since Russia’s war began knocked thousands of people offline.
CyberSecurity Dive
The FBI and CISA warned of potential new threats against satellite communications providers.
ZDNet
The White House is holding a meeting today with tech leaders to discuss Log4J and other potential flaws.
The Record
The Pentagon last month pivoted an ongoing bug bounty program to track down Log4j vulnerabilities on potentially thousands of public-facing military websites, the first time the Defense Department marshaled the ethical hacker community to tackle an emerging digital crisis.
ZDNet
CISA officials wondered if quick Log4j mitigations helped protect most organizations -- or if attackers are waiting to leverage their new access.