CISA

  • Blog
    digitpatrox15 hours ago
    11

    CISA issues warning in wake of Oracle cloud credentials leak

    CISA has issued a warning over the risk of data breaches following a security incident affecting legacy Oracle cloud environments, urging enterprises to shore up defences. In an advisory published Wednesday 16th April, the security agency said the incident “presents a potential risk to organizations and individuals” despite unconfirmed reports on the scale of the breach. CISA specifically highlighted risks…

    Read More »
  • Blog
    digitpatrox1 day ago
    9

    CISA warns of increased breach risks following Oracle Cloud leak

    On Wednesday, CISA warned of heightened breach risks after the compromise of legacy Oracle Cloud servers earlier this year and highlighted the significant threat to enterprise networks. CISA said, “the nature of the reported activity presents potential risk to organizations and individuals, particularly where credential material may be exposed, reused across separate, unaffiliated systems, or embedded (i.e., hardcoded into scripts,…

    Read More »
  • Blog
    digitpatrox2 weeks ago
    40

    CISA warns of Fast Flux DNS evasion used by cybercrime gangs

    CISA, the FBI, the NSA, and international cybersecurity agencies are calling on organizations and DNS providers to mitigate the “Fast Flux” cybercrime evasion technique used by state-sponsored threat actors and ransomware gangs. Although the technique isn’t new, its effectiveness has been documented and proven repeatedly in actual cyberattacks.  How Fast Flux helps with evasion Fast Flux is a DNS technique used for evading…

    Read More »
  • Blog
    digitpatrox4 weeks ago
    45

    CISA tags NAKIVO backup flaw as actively exploited in attacks

    CISA has warned U.S. federal agencies to secure their networks against attacks exploiting a high-severity vulnerability in NAKIVO’s Backup & Replication software. Tracked as CVE-2024-48248, this absolute path traversal flaw can be exploited by unauthenticated attackers to read arbitrary files on vulnerable devices. The US-based backup and ransomware recovery software vendor silently patched the security flaw with the release of…

    Read More »
  • Blog
    digitpatroxMarch 13, 2025
    52

    CISA issues warning over Medusa ransomware after 300 victims from critical sectors impacted

    CISA has issued an alert over ongoing activity linked to the Medusa ransomware as a service (RaaS) group, warning it has impacted hundreds of critical organizations. The agency issued a joint advisory alongside the FBI and the Multi-State Information Sharing and Analysis Center (MS-ISAC), stating that as of February 2025 Medusa developers and affiliates had hit over 300 victims in…

    Read More »
  • Blog
    digitpatroxMarch 4, 2025
    57

    DHS says CISA will not stop monitoring Russian cyber threats

    The US Cybersecurity and Infrastructure Security Agency says that media reports about it being directed to no longer follow or report on Russian cyber activity are untrue, and its mission remains unchanged. “CISA’s mission is to defend against all cyber threats to U.S. Critical Infrastructure, including from Russia,” the US cyber agency posted to X. “There has been no change in…

    Read More »
  • Blog
    digitpatroxMarch 3, 2025
    57

    CISA tags Windows, Cisco vulnerabilities as actively exploited

    CISA has warned US federal agencies to secure their systems against attacks exploiting vulnerabilities in Cisco and Windows systems. While the cybersecurity agency has tagged these flaws as actively exploited in the wild, it has yet to provide specific details regarding this malicious activity and who is behind it. The first flaw (tracked as CVE-2023-20118) enables attackers to execute arbitrary…

    Read More »
  • Blog
    digitpatroxFebruary 22, 2025
    67

    CISA flags Craft CMS code injection flaw as exploited in attacks

    The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns that a Craft CMS remote code execution flaw is being exploited in attacks. The flaw is tracked as CVE-2025-23209 and is a high severity (CVSS v3 score: 8.0)  code injection (RCE) vulnerability impacting Craft CMS versions 4 and 5. Craft CMS is a content management system (CMS) used for building websites…

    Read More »
  • Blog
    digitpatroxFebruary 6, 2025
    79

    CISA Adds Four Vulnerabilities to Catalog for Federal Enterprise

    Welcome. Tell us a little bit about you. This will help us provide you with customized content. First Name Last Name Job Title Company Name Company Size Select a size 1 – 4 5 – 9 10 – 24 25 – 49 50 – 99 100 – 249 250 – 499 500 – 999 1000 – 4999 5000 – 9999…

    Read More »
  • Blog
    digitpatroxFebruary 5, 2025
    80

    CISA orders agencies to patch Linux kernel bug exploited in attacks

    ​CISA has ordered federal agencies to secure their systems within three weeks against a high-severity Linux kernel flaw actively exploited in attacks. Tracked as CVE-2024-53104, the security bug was first introduced in kernel version 2.6.26 and was patched by Google for Android users on Monday. “There are indications that CVE-2024-53104 may be under limited, targeted exploitation,” the Android February 2025…

    Read More »
Load More
Back to top button
close