December 13, 2024 at 02:36PM CISA and the EPA have issued a warning to water facilities to protect Internet-exposed Human Machine Interfaces (HMIs) from potential cyberattacks, emphasizing the importance of security measures to safeguard these critical systems. **Meeting Takeaways:** 1. **Warning Issued**: CISA and the EPA have issued a warning regarding the security of water … Read more
December 5, 2024 at 01:18AM The U.S. CISA has added several vulnerabilities to its KEV catalog, including severe issues in Zyxel and I-O DATA products, with active exploitation reported. Recommendations for remediation by December 25, 2024, are urged for federal agencies. Meanwhile, I-O DATA advises users to enhance security until patches are released. **Meeting Takeaways … Read more
December 4, 2024 at 05:17PM Concerns over China-backed Salt Typhoon’s cyber intrusions into US telecom networks led CISA, NSA, and FBI to issue guidance for detection and mitigation. Victims like AT&T and Verizon continue to combat this extensive espionage campaign, with recommendations encouraging encrypted communications and enhanced cybersecurity measures for individuals and organizations. ### Meeting … Read more
December 4, 2024 at 08:19AM CISA warned of a high-severity vulnerability (CVE-2024-11667) in Zyxel firewall devices, exploited in the wild, allowing unauthorized file access. Zyxel issued patches, but users must change passwords for complete protection. CISA urges federal agencies to update their systems by December 24 and recommends all organizations to follow suit. ### Meeting … Read more
December 3, 2024 at 05:53PM Federal authorities are urging telecom companies to enhance network security after a significant Chinese hacking campaign accessed Americans’ private data. The FBI and cybersecurity agencies issued technical recommendations to thwart further cyberespionage, while the scale and ongoing access of the attackers remain unclear. This broad attack is part of China’s … Read more
December 3, 2024 at 05:58AM Cisco updated its advisory on the CVE-2014-2120 vulnerability, highlighting ongoing exploitation attempts. This medium-severity XSS flaw affects the WebVPN login page of Cisco ASA products. Customers are urged to upgrade to a patched version. The vulnerability was added to CISA’s Known Exploited Vulnerabilities catalog, prompting immediate action. ### Meeting Takeaways … Read more
November 27, 2024 at 06:07AM US senators have introduced the Health Care Cybersecurity and Resiliency Act of 2024, aiming to enhance cybersecurity in healthcare by updating HIPAA regulations, providing financial aid, and facilitating training. The law mandates information sharing on incidents and requires public disclosure of affected individuals, responding to rising cyber threats in the … Read more
November 26, 2024 at 07:22AM CISA has warned about a critical vulnerability (CVE-2023-28461) in Array Networks’ secure access gateways that allows remote code execution without authentication. Exploited by the group Earth Kasha, patching is crucial; federal agencies must address it by December 16. Organizations should review CISA’s KEV list and apply fixes promptly. ### Meeting … Read more
November 25, 2024 at 11:03AM The myPRO system by mySCADA has critical vulnerabilities allowing remote attackers to gain control. Discovered by researcher Michael Heinzl, the flaws include OS command injection and improper authentication. mySCADA has released patches, but the exact number of vulnerable systems remains unclear. CISA reports no known exploitations to date. ### Meeting … Read more
November 23, 2024 at 12:49PM President-elect Donald Trump nominated South Dakota Governor Kristi Noem as Homeland Security Secretary, emphasizing her hardline immigration policies. Noem’s cybersecurity background will be tested amidst rising threats. Critics worry CISA may shift focus away from disinformation and election security under her leadership, while she promotes state-led cybersecurity initiatives. ### Meeting … Read more