CISA

  • Blog
    digitpatrox1 day ago
    17

    CISA flags Craft CMS code injection flaw as exploited in attacks

    The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns that a Craft CMS remote code execution flaw is being exploited in attacks. The flaw is tracked as CVE-2025-23209 and is a high severity (CVSS v3 score: 8.0)  code injection (RCE) vulnerability impacting Craft CMS versions 4 and 5. Craft CMS is a content management system (CMS) used for building websites…

    Read More »
  • Blog
    digitpatrox3 weeks ago
    28

    CISA Adds Four Vulnerabilities to Catalog for Federal Enterprise

    Welcome. Tell us a little bit about you. This will help us provide you with customized content. First Name Last Name Job Title Company Name Company Size Select a size 1 – 4 5 – 9 10 – 24 25 – 49 50 – 99 100 – 249 250 – 499 500 – 999 1000 – 4999 5000 – 9999…

    Read More »
  • Blog
    digitpatrox3 weeks ago
    37

    CISA orders agencies to patch Linux kernel bug exploited in attacks

    ​CISA has ordered federal agencies to secure their systems within three weeks against a high-severity Linux kernel flaw actively exploited in attacks. Tracked as CVE-2024-53104, the security bug was first introduced in kernel version 2.6.26 and was patched by Google for Android users on Monday. “There are indications that CVE-2024-53104 may be under limited, targeted exploitation,” the Android February 2025…

    Read More »
  • Blog
    digitpatroxJanuary 16, 2025
    49

    CISA shares guidance for Microsoft expanded logging capabilities

    ​CISA shared guidance for government agencies and enterprises on using expanded cloud logs in their Microsoft 365 tenants as part of their forensic and compliance investigations. As the cybersecurity agency explained, these newly introduced Microsoft Purview Audit (Standard) logging capabilities support enterprise cybersecurity operations by providing access to information on critical events such as mail sent, mail accessed, and user…

    Read More »
  • Blog
    digitpatroxJanuary 14, 2025
    67

    CISA orders agencies to patch BeyondTrust bug exploited in attacks

    ​CISA has tagged a command injection vulnerability (CVE-2024-12686) in BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) as actively exploited in attacks. As mandated by the Binding Operational Directive (BOD) 22-01, after being added to CISA’s Known Exploited Vulnerabilities catalog, U.S. federal agencies must secure their networks against ongoing attacks targeting the flaw within three weeks by February 3.…

    Read More »
  • Blog
    digitpatroxJanuary 7, 2025
    60

    CISA warns of critical Oracle, Mitel flaws exploited in attacks

    CISA has warned U.S. federal agencies to secure their systems against critical vulnerabilities in Oracle WebLogic Server and Mitel MiCollab systems that are actively exploited in attacks. The cybersecurity agency added a critical path traversal vulnerability (CVE-2024-41713) found in the NuPoint Unified Messaging (NPM) component Mitel’s MiCollab unified communications platform to its Known Exploited Vulnerabilities Catalog. This security bug allows…

    Read More »
  • Blog
    digitpatroxJanuary 6, 2025
    52

    CISA says recent government hack limited to US Treasury

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today that the Treasury Department breach disclosed last week did not impact other federal agencies. “At this time, there is no indication that any other federal agencies have been impacted by this incident,” CISA said. “CISA continues to monitor the situation and coordinate with relevant federal authorities to ensure a comprehensive response.” The Treasury…

    Read More »
  • Blog
    digitpatroxDecember 19, 2024
    76

    CISA issues new directive to bolster cloud security – and Microsoft was singled out

    A new directive issued by the US Cybersecurity and Infrastructure Security Agency (CISA) has been met positively by industry experts who say it will bolster cloud security. Announced on 17 December, the directive will focus on safeguarding federal information and information systems. It requires federal civilian agencies to identify specific cloud tenants, implement assessment tools, and ensure that cloud environments…

    Read More »
  • Blog
    digitpatroxDecember 17, 2024
    75

    CISA orders federal agencies to secure Microsoft 365 tenants

    ​CISA has issued this year’s first binding operational directive (BOD 25-01), ordering federal civilian agencies to secure their cloud environments by implementing a list of required secure configuration baselines (SCBs). While CISA has only finalized the SCBs for Microsoft 365, it plans to release additional baselines for other cloud platforms, starting with Google Workspace (anticipated to enter scope in Q2 of…

    Read More »
  • Blog
    digitpatroxDecember 14, 2024
    158

    CISA warns water facilities to secure HMI systems exposed online

    CISA and the Environmental Protection Agency (EPA) warned water facilities today to secure Internet-exposed Human Machine Interfaces (HMIs) from cyberattacks. HMIs are dashboards or user interfaces that help human operators connect to, monitor, and control industrial machines and devices via tablets, portable computers, or built-in displays. “In the absence of cybersecurity controls, threat actors can exploit exposed HMIs at WWS…

    Read More »
Load More
Back to top button
close