Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks

September 30, 2024 at 08:30AM Security vulnerabilities in six different Automatic Tank Gauge (ATG) systems have been disclosed, exposing them to remote attacks. Thousands of ATGs are exposed on the internet, making them a target for malicious actors. Additional flaws were found in OpenPLC, Riello NetMan 204, and AJCloud. CISA has highlighted threats to OT … Read more

CISA Adds Patched Ivanti Bug to KEV Catalog

September 25, 2024 at 02:13PM CISA has added CVE-2024-7593, a high-severity Ivanti vulnerability, to its Known Exploited Vulnerabilities Catalog. The flaw allows remote unauthenticated attackers to create admin accounts by bypassing the admin panel due to an authentication algorithm implementation issue in older Ivanti vTM versions. Patched in vTM versions 22.2R1, 22.3R3, 22.5R2, 22.6R2, and … Read more

Cloud-Native Network Security Up 17%, Hardware Down 2%

September 13, 2024 at 02:05PM Dell’Oro Group’s 2Q 2024 Network Security Report shows a 6% Y/Y growth in the Network Security market, reaching $5.9 billion. Cloud-native security solutions and virtual firewalls drove the growth, but hardware-based solutions declined. Infrastructure Security reached $5 billion, with SSE revenue growing to nearly $1.5 billion. WAF revenue rose 18%, … Read more

White House Pledges $10 Million for Open Source Initiative

August 16, 2024 at 06:54AM The federal government is investing $11 million in the Open-Source Software Prevalence Initiative (OSSPI) to understand and enhance the security of open-source software used in critical infrastructure. National Cyber Director Harry Coker announced the initiative, aiming to strengthen national cybersecurity and collaborate with the cybersecurity community. The initiative aligns with … Read more

CISA warns of hackers abusing Cisco Smart Install feature

August 8, 2024 at 01:25PM CISA recommends disabling the Cisco Smart Install feature due to recent abuse in attacks. Threat actors exploit weak password types and leverage other protocols to steal sensitive data. Admins are advised to disable the legacy SMI protocol, implement stronger password protection, and follow best practices for securing administrator accounts and passwords … Read more

CISA Names Lisa Einstein as First Chief AI Officer

August 3, 2024 at 12:24PM CISA appointed Lisa Einstein as its first Chief Artificial Intelligence Officer. Einstein, who has been leading CISA’s AI efforts since 2023, served as the Executive Director of the CISA Cybersecurity Advisory Committee. CISA’s Director, Jen Easterly, expressed enthusiasm for Einstein’s new role, emphasizing the importance of responsible governance and secure … Read more

CISA Publishes Resiliency Playbook for Critical Infrastructure

July 19, 2024 at 08:43AM The Cybersecurity and Infrastructure Security Agency released a supplemental manual for infrastructure resilience planning, offering guidance on enhancing security and resiliency for critical infrastructure. It includes processes, tabletop exercises, and key actions for resilience planning, outlined by CISA’s executive assistant director for infrastructure security, David Mussington. The manual is … Read more

CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software

July 16, 2024 at 12:45AM The U.S. CISA identified a critical security flaw in OSGeo GeoServer GeoTools as actively exploited. The vulnerability, CVE-2024-36401, allows remote code execution. Versions 2.23.6, 2.24.4, and 2.25.2 address the issue. Another flaw, CVE-2024-36404, also poses RCE risk. Federal agencies must apply fixes by August 5, 2024, amid reports of active … Read more

CISA Takedown of Ivanti Systems Is a Wake-up Call

July 9, 2024 at 10:03AM The cyberattack on Ivanti’s asset management software has prompted action from CISA and raises questions about exploit techniques, breach response, and downtime costs. Attackers bypassed authentication and gained unauthorized access, prompting CISA to intervene and take Ivanti’s systems offline. The incident emphasizes the importance of robust cybersecurity measures and proactive … Read more

Addressing Misinformation in Critical Infrastructure Security

June 17, 2024 at 01:09PM The Francis Scott Key Bridge collapse in Baltimore stirred speculation about a cyberattack, highlighting the vulnerability of physical infrastructure to cyber threats. Despite the focus on physical incidents, silent cyberattacks on critical infrastructure, like the MITRE breach, remain poorly understood. The public’s fear of cyber threats necessitates greater awareness and … Read more