CISA

Blog
digitpatrox23 hours ago
15

CISA says BianLian ransomware now focuses only on data theft

The BianLian ransomware operation has shifted its tactics, becoming primarily a data theft extortion group, according to an updated advisory from the U.S. Cybersecurity & Infrastructure Security Agency, the FBI, and the Australian Cyber Security Centre. This new information comes in an update to a joint advisory released in May by the same agencies, which warned about BianLian’s shifting tactics involving…
Read More »
Blog
digitpatrox4 days ago
19

CISA tags Progress Kemp LoadMaster flaw as exploited in attacks

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws in its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting Progress Kemp LoadMaster. The flaw, discovered by Rhino Security Labs and tracked as CVE-2024-1212, was addressed via an update released on February 21, 2024. However, this is the first report of it being under…
Read More »
Blog
digitpatrox1 week ago
32

CISA warns of more Palo Alto Networks bugs exploited in attacks

CISA warned today that two more critical security vulnerabilities in Palo Alto Networks’ Expedition migration tool are now actively exploited in the wild. Attackers can use the two unauthenticated command injection (CVE-2024-9463) and SQL injection (CVE-2024-9465) vulnerabilities to hack into unpatched systems running the company’s Expedition migration tool, which helps migrate configurations from Checkpoint, Cisco, and other supported vendors. While…
Read More »
Blog
digitpatrox2 weeks ago
28

CISA warns of critical Palo Alto Networks bug exploited in attacks

Today, CISA warned that attackers are exploiting a critical missing authentication vulnerability in Palo Alto Networks Expedition, a migration tool that can help convert firewall configuration from Checkpoint, Cisco, and other vendors to PAN-OS. This security flaw, tracked as CVE-2024-5910, was patched in July, and threat actors can remotely exploit it to reset application admin credentials on Internet-exposed Expedition servers. “Palo Alto Expedition contains…
Read More »
Blog
digitpatroxOctober 23, 2024
56

CISA proposes new security requirements to protect govt, personal data

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is proposing security requirements to prevent adversary states from accessing American’s personal data as well as government-related information. The requirements are aimed at entities that engage in restricted transactions that involve bulk U.S. sensitive personal data or U.S. government-related data, especially if the info is exposed to “countries of concern” or “covered persons.”…
Read More »
Blog
digitpatroxOctober 10, 2024
53

CISA says critical Fortinet RCE flaw now exploited in attacks

Today, CISA revealed that attackers actively exploit a critical FortiOS remote code execution (RCE) vulnerability in the wild. The flaw (CVE-2024-23113) is caused by the fgfmd daemon accepting an externally controlled format string as an argument, which can let unauthenticated threat actors execute commands or arbitrary code on unpatched devices in low-complexity attacks that don’t require user interaction. As Fortinet…
Read More »
Blog
digitpatroxSeptember 7, 2024
71

CISA issues alert over two high-severity DrayTek vulnerabilities – here’s what you need to know

CISA has added three security flaws to its known exploited vulnerabilities (KEV) catalog, including two affecting DrayTek’s network equipment management software, VigorConnect. The third vulnerability added to the catalog affects Kingsoft’s popular WPS Office productivity suite. All three vulnerabilities were described as path traversal flaws, that allow attackers to read sensitive files they should not be able to access. The…
Read More »
Blog
digitpatroxAugust 17, 2024
99

CISA warns critical SolarWinds RCE bug is exploited in attacks

Image: MidjourneyCISA warned on Thursday that attackers are exploiting a recently patched critical vulnerability in SolarWinds’ Web Help Desk solution for customer support. Web Help Desk (WHD) is IT help desk software widely used by large corporations, government agencies, and healthcare and education organizations worldwide to centralize, automate, and streamline help desk management tasks. Tracked as CVE-2024-28986, this Java deserialization…
Read More »

CISA

CISA says BianLian ransomware now focuses only on data theft

CISA tags Progress Kemp LoadMaster flaw as exploited in attacks

CISA warns of more Palo Alto Networks bugs exploited in attacks

CISA warns of critical Palo Alto Networks bug exploited in attacks

CISA proposes new security requirements to protect govt, personal data

CISA says critical Fortinet RCE flaw now exploited in attacks

CISA issues alert over two high-severity DrayTek vulnerabilities – here’s what you need to know

CISA warns critical SolarWinds RCE bug is exploited in attacks

The Best Black Friday Deals on Fitness Equipment

What Really Helps Keep Bones Strong

Power Up Your Adventures and Blackout Prep With Bluetti’s Black Friday Sale

Databarracks snaps up Commvault solution provider COOLSPIRiT

Why agentic AI will be a huge money-spinner for big tech providers

Surface Pro vs. Surface Laptop: What’s the Difference?

Yellowstone Season 5 Episode 11 Release Time and Date (Countdown Timer)

The 10th Gen iPad Is an Absolute Steal at $250 Right Now

Flight Attendants’ Best Tips for Parents Flying With a Baby

US citizen charged with aiding North Korean hackers moonlighting as tech workers

How to enable Do Not Track on your web browser for Windows

Best New-Car Deals – Consumer Reports