CISA orders federal agencies to regularly perform IT asset discovery, vulnerability enumeration

A new directive issued by the Cybersecurity and Infrastructure Security Agency (CISA) is ordering US federal civilian agencies to perform regular asset discovery and vulnerability enumeration, to better account for and protect the devices that reside on their networks. About the Directive “Over the past several years, CISA has been working urgently to gain greater […]

Continue Reading

Critical ManageEngine RCE flaw is being exploited (CVE-2022-35405)

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2022-35405, a critical remote code execution vulnerability in ManageEngine PAM360, Password Manager Pro, and Access Manager Plus, to its Known Exploited Vulnerabilities (KEV) Catalog. The details of in-the-wild exploitation of the flaw aren’t available – though, according to data collected by Greynoise, exploitation attempts don’t […]

Continue Reading

US to award $1B to state, local, and territorial governments to improve cyber resilience

The US government will award $1 billion in grants to help state, local, and territorial (SLT) governments address cybersecurity risks, strengthen the cybersecurity of their critical infrastructure, and ensure cyber resilience against persistent cyber threats. “Applicants have 60 days to apply for a grant, which can be used to fund new or existing cybersecurity programs,” […]

Continue Reading

CISA adds Stuxnet bug to its Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds new vulnerabilities to its Known Exploited Vulnerabilities Catalog, including the bug used in the Stuxnet attacks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog. Below is the list of vulnerabilities added to the catalog: CVE-2022-40139: Trend […]

Continue Reading

CISA added 2 more security flaws to its Known Exploited Vulnerabilities Catalog

CISA added more security flaws to its Known Exploited Vulnerabilities Catalog, including Windows and iOS flaws. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, a Windows privilege escalation vulnerability, tracked as CVE-2022-37969, and an arbitrary code execution issue, tracked as CVE-2022-32917, affecting iPhones and Macs. According to Binding […]

Continue Reading

CISA adds 12 new flaws to its Known Exploited Vulnerabilities Catalog

CISA added 12 more security flaws to its Known Exploited Vulnerabilities Catalog including four D-Link vulnerabilities. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 12 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, including four vulnerabilities in D-Link routers, two Chrome zero-day issues, and a recently disclosed flaw in the QNAP Photo Station. According to Binding Operational […]

Continue Reading

CISA adds 10 new flaws to its Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 10 new flaws to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 10 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, including a high-severity security flaw (CVE-2021-38406 CVSS score: 7.8) impacting Delta Electronics industrial automation software. According to Binding Operational Directive (BOD) 22-01: […]

Continue Reading