CISA Seeks Public Opinion on Google Workspace Secure Configuration Baselines

December 13, 2023 at 08:30AM

The US cybersecurity agency CISA has released draft guidance for federal agencies to securely use Google Workspace services. The guidance includes secure configuration baselines for nine GWS services and an assessment tool called ScubaGoggles. Federal agencies are encouraged to provide feedback on the draft baselines before January 12, 2024. CISA …

US and EU infosec authorities pen intel-sharing pact

December 7, 2023 at 01:31PM

CISA and ENISA, US and EU cybersecurity agencies, will enhance collaboration by sharing threat intelligence, best practices, and legislative approaches to improve cyber defenses. This agreement includes cybersecurity training and awareness programs. Additionally, the EU progresses with the Cyber Solidarity Act, aiming for stronger cyberattack response coordination across member states. …

CISA, NCSC Offer a Road Map, Not Rules, in New Secure AI Guidelines

November 28, 2023 at 05:40AM

The US Cybersecurity and Infrastructure Security Agency (CISA) and the UK’s National Cyber Security Centre have released new guidelines for secure AI system development. The guidelines focus on building security into AI systems but do not impose any rules or regulations on the industry. The guidelines cover secure design, development, …

CISA, NCSC Offer a Road Map, Not Rules, in New Secure AI Guidelines

November 27, 2023 at 06:02PM

The US Cybersecurity and Infrastructure Security Agency (CISA) and the UK’s National Cyber Security Centre have released Guidelines for Secure AI System Development. The guidelines provide an outline for building security into AI systems but do not impose regulations on the industry. The guidelines cover secure design, development, deployment, and …

Citrix Bleed Bug Inflicts Mounting Wounds, CISA Warns

November 21, 2023 at 05:39PM

LockBit 3.0 ransomware affiliates are targeting the “Citrix Bleed” security vulnerability, prompting warnings from CISA and Citrix. The bug allows authentication bypass, giving threat actors access to user sessions and credentials. Citrix’s patch is not sufficient to protect against compromise. Organizations are advised to upgrade immediately and assess vulnerability. Thousands …

CISA orders federal agencies to patch Looney Tunables Linux bug

November 21, 2023 at 01:01PM

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their systems against an actively exploited vulnerability called ‘Looney Tunables.’ The vulnerability allows attackers to gain root privileges on major Linux distributions. The flaw affects popular platforms like Fedora, Ubuntu, and Debian. Administrators are advised to …

CISA Offering Free Cybersecurity Services to Non-Federal Critical Infrastructure Entities

November 21, 2023 at 10:21AM

The US cybersecurity agency, CISA, has launched a pilot program to provide managed cybersecurity services to non-federal critical infrastructure organizations. This program aims to reduce cybersecurity risks and deliver cost-effective solutions. The initial phase will focus on healthcare, water, and K-12 education entities, with the goal of expanding to 100 …

CISA Warns of Attacks Exploiting Sophos Web Appliance Vulnerability

November 17, 2023 at 08:09AM

The US cybersecurity agency CISA has added vulnerabilities from Sophos, Oracle, and Microsoft to its Known Exploited Vulnerabilities (KEV) catalog. The Sophos flaw, CVE-2023-1671, has been exploited in attacks and allows for arbitrary code execution. There have been reports of Chinese threat actors exploiting Sophos vulnerabilities. CISA’s KEV list also …

CISA and FBI Issue Warning About Rhysida Ransomware Double Extortion Attacks

November 16, 2023 at 08:12AM

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and MS-ISAC have issued an advisory about the Rhysida ransomware. The threat actors behind Rhysida use a ransomware-as-a-service model and target organizations in various sectors. They exploit VPNs, the Zerologon vulnerability, and phishing campaigns to gain access to networks. Rhysida …

FBI and CISA warn of opportunistic Rhysida ransomware attacks

November 15, 2023 at 12:51PM

The FBI and CISA issued a warning about the Rhysida ransomware gang, which has been targeting organizations across various sectors. Rhysida gained notoriety after breaching the Chilean Army and targeting healthcare organizations. The advisory provides indicators of compromise and tactics used by Rhysida. The gang utilizes ransomware-as-a-service (RaaS) and exploits …