RCE on Log4j Among Top CVEs Exploited By Chinese-Backed Hackers
In a joint advisory, three US agencies, NSA, CISA and FBI, warned about Chinese threat actors
Stay informed on the latest CISA updates, guidelines, and alerts critical for robust information security and cyber threat prevention.
Search across headline titles and summaries.
Background for this topic.
Cybersecurity and Infrastructure Security Agency (CISA) is the U.S. Department of Homeland Security agency for reducing cyber and physical risks to critical infrastructure and federal civilian networks. Created by the 2018 CISA Act, it works with government and industry, publishes alerts and guidance, and coordinates assistance during significant incidents. Its direct federal-network role chiefly covers the Federal Civilian Executive Branch, including .gov; private-sector engagement is often voluntary or sector-specific.
Practitioners use CISA advisories and the Known Exploited Vulnerabilities catalog to prioritize patching where exploitation has been observed, and consult applicable directives and incident-response guidance. CISA supports vulnerability reporting and promotes controls such as multifactor authentication, logging, and tested recovery. A CISA alert is an actionable risk signal, not proof every organization is affected; teams should verify product, version, exposure, and obligations.
In a joint advisory, three US agencies, NSA, CISA and FBI, warned about Chinese threat actors
Microsoft has four entries on list of shame, Log4j tops the chart Three US national security agencies - CISA, the FBI and the NSA - on Thursday issued a joint advisory naming the 20 infosec exploited by state-sponsored Chinese threat actors since 2020.…
NSA, CISA, and the FBI revealed today the top security vulnerabilities most exploited by hackers backed by the People's Republic of China (PRC) to target U.S. government and critical infrastructure networks. [...]
I think we can handle one little Russia. We sent two units, they're bringing any attempts down now The FBI and the US government's Cybersecurity and Infrastructure Security Agency (CISA) claim any foreign interference in the 2022 US midterm elections is unlikely to disrupt or prevent voting, compromise ballot integrity, or manipulate votes at scale.…
Besides, authorities are plenty familiar with what foreign interference looks like The FBI and Cybersecurity and Infrastructure Security Agency (CISA) claim any foreign interference in the 2022 US midterm elections is unlikely to disrupt or prevent voting, compromise ballot integrity or manipulate votes at scale.…
Threat actors trying to compromise elections are unlikely to result in large-scale disruptions
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) in a public service announcement says that cyber activity attempting to compromise election infrastructure is unlikely to cause a massive disruption or prevent voting. [...]
Tell us it’s Russia without telling us it’s Russia Spies for months hid inside a US military contractor's enterprise network and stole sensitive data, according to a joint alert from the US government's Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and NSA.…
Advanced attackers gained access to Microsoft Exchange services, conducted searches of email, and used an open source toolkit to collect data from the network for nearly a year.
The document was jointly released by CISA with the FBI and NSA
U.S. cybersecurity and intelligence agencies on Tuesday disclosed that multiple nation-state hacking groups potentially targeted a "Defense Industrial Base (DIB) Sector organization's enterprise network" as part of a cyber espionage campaign
Good time to be selling automation tools The US government's Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal civilian agencies to scan for and report software vulnerabilities in their IT systems more frequently under a directive issued this week.…
It requires some federal agencies to perform automated asset discovery every seven days
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Binding Operational Directive (BOD) that directs federal agencies in the country to keep track of assets and vulnerabilities on their networks six months from now
Some days, security just feels like a total illusion. OK, most days... A recently disclosed critical vulnerability in Atlassian's Bitbucket is actively being exploited, according to the US government.…
William Malik, VP of Infrastructure Strategies, shares his opinions on the goals and objectives outlined in the CISA Strategic Plan 2023-2025.