Our news

  • ASD’s ACSC, CISA, and US and International Partners Release Guidance on Detecting and Mitigating Active Directory Compromises

    Today, the Australian Signals Directorate Australian Cyber Security Centre (ASD ACSC), the Cybersecurity and Infrastructure Security Agency (CISA), and other U.S. and international partners released the joint guide Detecting and Mitigating Active Directory Compromises. This guide informs organizations of recommended strategies to mitigate common techniques used by malicious actors to compromise Active Directory. Active Directory…

  • CISA Warns of Hurricane-Related Scams

    As Hurricane Helene approaches, CISA urges users to remain on alert for potential malicious cyber activity. Fraudulent emails and social media messages—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with hurricane-related subject lines, attachments, or hyperlinks. In addition, be wary of social media pleas, texts, or door-to-door…

  • Predator Spyware: The Silent Stalker in The Digital Jungle

    What is Predator? Could you imagine that your phone, the device on which you keep all your sensitive data, have private conversations, and always keep on your person, has betrayed you? No clicks, weird downloads, not even an alert, and no mistakes on your part. Behind the scenes, a sneaky piece of software called spyware lurks…

  • Vulnerability Summary for the Week of September 16, 2024

    High Vulnerabilities. Table columns: Primary Vendor — Product; Description; Published; CVSS Score; Source & Patch Info. CIRCUTOR – CIRCUTOR Q-SMT: CIRCUTOR Q-SMT, in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web service bypasses the authentication mechanisms on the login page, allowing the attacker to use all…

  • Versa Networks Releases Advisory for a Vulnerability in Versa Director, CVE-2024-45229

    Versa Networks has released an advisory for a vulnerability (CVE-2024-45229) affecting Versa Director. A cyber threat actor could exploit this vulnerability to exercise unauthorized REST APIs. CISA urges organizations to apply necessary updates, hunt for any malicious activity, report any positive findings to CISA, and review the following for more information: Versa Advisory

  • CISA Adds One Known Exploited Vulnerability to Catalog

    CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2024-8963, Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk…

  • VMware Releases Security Advisory for VMware Cloud Foundation and vCenter Server

    VMware released a security advisory addressing vulnerabilities in the VMware Cloud Foundation and the vCenter Server. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following VMware security advisory and apply the necessary updates: VCDSA24968

  • CISA and FBI Release Secure by Design Alert on Eliminating Cross-Site Scripting Vulnerabilities

    Today, CISA and FBI released a Secure by Design Alert, Eliminating Cross-Site Scripting Vulnerabilities, as a part of our ongoing effort to reduce the prevalence of vulnerability classes at scale. Vulnerabilities like cross-site scripting (XSS) continue to appear in software, enabling threat actors to exploit them. However, cross-site scripting vulnerabilities are preventable and should not…

  • Cybersecurity and Artificial Intelligence Regulation

    Cybersecurity regulation has evolved over the years. This has become the norm as technology is constantly advancing and being used in new and scary ways. Similar to how the Health Insurance Portability and Accountability Act, otherwise known as HIPAA, tells administrators who can view patient information and how that information must be protected digitally, cybersecurity…

  • New CISA Plan Aligns Federal Agencies in Cyber Defense

    Today, the Cybersecurity and Infrastructure Security Agency (CISA) released the Federal Civilian Executive Branch (FCEB) Operational Cybersecurity Alignment (FOCAL) Plan. Developed in collaboration with FCEB agencies, this plan provides standard, essential components of enterprise operational cybersecurity and aligns the collective operational defense capabilities across the federal enterprise. Currently, federal agencies maintain their own networks and…
