CISA Launches New Cyber Incident Reporting Rules for US Defense Contractors
CISA has revealed the first draft for an update of the Cyber Incident Reporting for Critical Infrastructure (CIRCIA) Act of 2022
Stay informed on the latest CISA updates, guidelines, and alerts critical for robust information security and cyber threat prevention.
Search across headline titles and summaries.
Background for this topic.
Cybersecurity and Infrastructure Security Agency (CISA) is the U.S. Department of Homeland Security agency for reducing cyber and physical risks to critical infrastructure and federal civilian networks. Created by the 2018 CISA Act, it works with government and industry, publishes alerts and guidance, and coordinates assistance during significant incidents. Its direct federal-network role chiefly covers the Federal Civilian Executive Branch, including .gov; private-sector engagement is often voluntary or sector-specific.
Practitioners use CISA advisories and the Known Exploited Vulnerabilities catalog to prioritize patching where exploitation has been observed, and consult applicable directives and incident-response guidance. CISA supports vulnerability reporting and promotes controls such as multifactor authentication, logging, and tested recovery. A CISA alert is an actionable risk signal, not proof every organization is affected; teams should verify product, version, exposure, and obligations.
CISA has revealed the first draft for an update of the Cyber Incident Reporting for Critical Infrastructure (CIRCIA) Act of 2022
CISA will administer the new reporting requirements for cyber incidents and ransomware payments.
CISA warns that attackers are now exploiting a Microsoft SharePoint code injection vulnerability that can be chained with a critical privilege escalation flaw for pre-auth remote code execution attacks. [...]
US Cyber Defense Agency Proposes 72-Hour Reporting Rule for Covered EntitiesThe U.S. Cybersecurity and Infrastructure Security Agency posted its proposed rulemaking to the Federal Register aiming to implement a 72-hour reporting requirement for covered critical infrastructure entities as required under the Cyber Incident Reporting for Critical Infrastructure Act of 2022.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting the Microsoft Sharepoint Server to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation in the wild
A proof-of-concept exploit released last week has spurred attacks on the vulnerability, which the CISA has flagged as an urgent patch priority.
The US government wants developers to get serious about tackling SQL injection bugs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday placed three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation
CISA and the FBI urged executives of technology manufacturing companies to prompt formal reviews of their organizations' software and implement mitigations to eliminate SQL injection (SQLi) security vulnerabilities before shipping. [...]
In a joint alert with the FBI, CISA seeks to tamp down the pervasiveness of a well-known class of bugs.