Security news aggregator

Latest coverage for CISA

Stay informed on the latest CISA updates, guidelines, and alerts critical for robust information security and cyber threat prevention.

10 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Cybersecurity and Infrastructure Security Agency (CISA) is the U.S. Department of Homeland Security agency for reducing cyber and physical risks to critical infrastructure and federal civilian networks. Created by the 2018 CISA Act, it works with government and industry, publishes alerts and guidance, and coordinates assistance during significant incidents. Its direct federal-network role chiefly covers the Federal Civilian Executive Branch, including .gov; private-sector engagement is often voluntary or sector-specific.

Practitioners use CISA advisories and the Known Exploited Vulnerabilities catalog to prioritize patching where exploitation has been observed, and consult applicable directives and incident-response guidance. CISA supports vulnerability reporting and promotes controls such as multifactor authentication, logging, and tested recovery. A CISA alert is an actionable risk signal, not proof every organization is affected; teams should verify product, version, exposure, and obligations.

Showing 10 most recent headlines Filtered view
Bank Info Security 2 years, 4 months ago

Hackers Compromised Ivanti Devices Used by CISA

Cybersecurity Agency Says 'No Operational Impact'The U.S. Cybersecurity and Infrastructure Security Agency apparently had a good reason to urge federal agencies into resetting vulnerable Ivanti VPN devices: Hackers breached two gateways used by CISA, forcing the agency to yank them offline. The agency "immediately took offline" the impacted VPNs.

Plus: CISA pulls plug on couple of systems feared compromised There's yet another group of miscreants out there hijacking insecure Ivanti devices: A new, financially motivated gang dubbed Magnet Goblin has emerged from the shadowy digital depths with a knack for rapidly exploiting newly disclosed vulnerabilities before vendors have issued a fix.…

CISA announces more help, and calls on app makers to step up The US government and some of the largest open source foundations and package repositories have announced a series of initiatives intended to improve software supply-chain security, while also repeating calls for developers to increase support for such efforts.…

Bank Info Security 2 years, 4 months ago

CISA Launches New Efforts to Secure Open-Source Ecosystem

US Cyber Agency Aiming to Promote Information Sharing with Open Source CommunityThe U.S. Cybersecurity and Infrastructure Security Agency hopes to expand voluntary information sharing between the federal government and open-source software operators with a series of actions the agency announced following a two-day open-source security summit held at its Virginia headquarters.

ALSO: CISA warns Ivanti vuln mitigations might not work, SAML hijack doesn't need ADFS, and crit vulns Infosec in brief The infamous LockBit ransomware gang has been busy in the ten days since an international law enforcement operation took down many of its systems. But despite its posturing, the gang might have suffered more than it's letting on.…