CISA Alert on ICS, SCADA Devices Highlights Growing Enterprise IoT Security Risks
Omdia Senior Analyst Hollie Hennessy says the new threat to multiple ICS and SCADA devices underscores the importance of a rapid response to IoT and OT security risks.
Stay informed on the latest CISA updates, guidelines, and alerts critical for robust information security and cyber threat prevention.
Search across headline titles and summaries.
Background for this topic.
Cybersecurity and Infrastructure Security Agency (CISA) is the U.S. Department of Homeland Security agency for reducing cyber and physical risks to critical infrastructure and federal civilian networks. Created by the 2018 CISA Act, it works with government and industry, publishes alerts and guidance, and coordinates assistance during significant incidents. Its direct federal-network role chiefly covers the Federal Civilian Executive Branch, including .gov; private-sector engagement is often voluntary or sector-specific.
Practitioners use CISA advisories and the Known Exploited Vulnerabilities catalog to prioritize patching where exploitation has been observed, and consult applicable directives and incident-response guidance. CISA supports vulnerability reporting and promotes controls such as multifactor authentication, logging, and tested recovery. A CISA alert is an actionable risk signal, not proof every organization is affected; teams should verify product, version, exposure, and obligations.
Omdia Senior Analyst Hollie Hennessy says the new threat to multiple ICS and SCADA devices underscores the importance of a rapid response to IoT and OT security risks.
The Cybersecurity and Infrastructure Security Agency (CISA) has added nine more security flaws to its list of actively exploited bugs, including a VMware privilege escalation flaw and a Google Chrome zero-day that could be used for remote code execution. [...]
The Cybersecurity and Infrastructure Security Agency (CISA) has added ten new security bugs to its list of actively exploited vulnerabilities, including a high severity local privilege escalation bug in the Windows Common Log File System Driver. [...]
A joint cybersecurity advisory issued by CISA, NSA, FBI, and the Department of Energy (DOE) warns of government-backed hacking groups being able to hijack multiple industrial control system (ICS) and supervisory control and data acquisition (SCADA) devices. [...]
Apache has fixed a critical vulnerability in its vastly popular Struts project that was previously believed to have been resolved but, as it turns out, wasn't fully remedied. As such, CISA is urging users and administrators to upgrade to the latest, patched Struts 2 versions. [...]
CISA adds WatchGuard flaw to its Known Exploited Vulnerabilities Catalog
The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal civilian agencies and urged all US organizations on Monday to patch an actively exploited bug impacting WatchGuard Firebox and XTM firewall appliances. [...]
Plus: Fox News learns to use database passwords, Autodesk patches high-severity bugs, and CISA says retire old D-Link routers In brief Google pulled a slew of Android apps with more than 46 million downloads from its Google Play Store after security researchers notified the cloud giant that the code contained some sneaky data-harvesting code.…