#BHUSA: CISA Encourages Organizations to Adopt a 'Secure by Demand' Strategy
CISA Director Jen Easterly calls on organizations to drive cybersecurity improvements through a 'Secure by Demand' approach
Stay informed on the latest CISA updates, guidelines, and alerts critical for robust information security and cyber threat prevention.
Search across headline titles and summaries.
Background for this topic.
Cybersecurity and Infrastructure Security Agency (CISA) is the U.S. Department of Homeland Security agency for reducing cyber and physical risks to critical infrastructure and federal civilian networks. Created by the 2018 CISA Act, it works with government and industry, publishes alerts and guidance, and coordinates assistance during significant incidents. Its direct federal-network role chiefly covers the Federal Civilian Executive Branch, including .gov; private-sector engagement is often voluntary or sector-specific.
Practitioners use CISA advisories and the Known Exploited Vulnerabilities catalog to prioritize patching where exploitation has been observed, and consult applicable directives and incident-response guidance. CISA supports vulnerability reporting and promotes controls such as multifactor authentication, logging, and tested recovery. A CISA alert is an actionable risk signal, not proof every organization is affected; teams should verify product, version, exposure, and obligations.
CISA Director Jen Easterly calls on organizations to drive cybersecurity improvements through a 'Secure by Demand' approach
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that threat actors are abusing the legacy Cisco Smart Install (SMI) feature with the aim of accessing sensitive data
The U.S. Cybersecurity & Infrastructure Security Agency is warning of two vulnerabilities exploited in attacks, including a path traversal impacting Apache OFBiz. [...]
CISA Director Jen Easterly expressed strong confidence in the integrity of US election, despite ongoing cybersecurity threats to democratic processes
CISA recommends disabling the legacy Cisco Smart Install feature after seeing it abused by threat actors in recent attacks to steal sensitive data, such as system configuration files. [...]
Election tech is fine – it's all thise idiots buying into the propaganda that's worrying Jen Easterly Black Hat US Cybersecurity and Infrastructure Security Agency (CISA) director Jen Easterly and her counterparts from the UK and EU want the world to know that, when it comes to securing elections, they've never been more prepared.…
CISA and FBI report claims the BlackSuit ransomware collective has extracted at least $500m from victims
The ransomware strain known as BlackSuit has demanded as much as $500 million in ransoms to date, with one individual ransom demand hitting $60 million
CISA and the FBI confirmed today that the Royal ransomware rebranded to BlackSuit and has demanded over $500 million from victims since it emerged more than two years ago. [...]
CISA and the FBI confirmed today that the Royal ransomware rebranded to BlackSuit and has demanded over $500 million from victims since it emerged more than two years ago. [...]
The CISA guidance prioritizes product security alongside the manufacturer's enterprise security
Plus: CISA's AI hire; and Canuck SIM swappers busted Infosec in brief Scammers have been using Google's own ad system to fool people into downloading a borked copy of the Chocolate Factory's Authenticator software.…