CISA Urges Encrypted Messaging After Salt Typhoon Hack
The US Cybersecurity and Infrastructure Security Agency recommended users turn on phishing-resistant MFA and switch to Signal-like apps for messaging
Stay informed on the latest CISA updates, guidelines, and alerts critical for robust information security and cyber threat prevention.
Search across headline titles and summaries.
Background for this topic.
Cybersecurity and Infrastructure Security Agency (CISA) is the U.S. Department of Homeland Security agency for reducing cyber and physical risks to critical infrastructure and federal civilian networks. Created by the 2018 CISA Act, it works with government and industry, publishes alerts and guidance, and coordinates assistance during significant incidents. Its direct federal-network role chiefly covers the Federal Civilian Executive Branch, including .gov; private-sector engagement is often voluntary or sector-specific.
Practitioners use CISA advisories and the Known Exploited Vulnerabilities catalog to prioritize patching where exploitation has been observed, and consult applicable directives and incident-response guidance. CISA supports vulnerability reporting and promotes controls such as multifactor authentication, logging, and tested recovery. A CISA alert is an actionable risk signal, not proof every organization is affected; teams should verify product, version, exposure, and obligations.
The US Cybersecurity and Infrastructure Security Agency recommended users turn on phishing-resistant MFA and switch to Signal-like apps for messaging
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild
CISA Says 2035 Quantum Deadline Remains Achievable Despite Recent BreakthroughsThe federal government’s 2035 mandate to adopt quantum-resistant encryption remains feasible despite technological advancements in quantum computing, a top official for the U.S. cyber defense agency told ISMG, but experts warn challenges such as bureaucratic delays and financial costs persist.
The draft of the long-awaited update to the NCIRP outlines the efforts, mechanisms, involved parties, and decisions the US government will use in response to a large-scale cyber incident.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01, ordering federal civilian agencies to secure their cloud environments and abide by Secure Cloud Business Applications (SCuBA) secure configuration baselines
CISA Recommends Strict Mobile Security Measures Following Salt Typhoon Telecom HackThe Cybersecurity and Infrastructure Security Agency's latest guidance calls on top U.S. political and government officials to adopt stricter mobile security measures in response to the Salt Typhoon hacking campaign, a Chinese espionage effort that has infiltrated major telecom systems.
Today, CISA urged senior government and political officials to switch to end-to-end encrypted messaging apps like Signal following a wave of telecom breaches across dozens of countries, including eight carriers in the United States. [...]
A CISA Directive sets out actions all US federal agencies must take to identify and secure cloud tenants in their environments
Federal Agencies Tasked with Adopting New Cloud Security Policies Beginning in 2025The Cybersecurity and Infrastructure Security Agency is requiring federal agencies to adopt secure cloud configurations, integrate monitoring tools and report cloud systems starting in 2025 as part of an effort to address vulnerabilities in part exposed by the SolarWinds attack.
CISA has issued this year's first binding operational directive (BOD 25-01), ordering federal civilian agencies to secure their Microsoft 365 cloud environments by implementing a list of required configuration baselines. [...]
Actions direct agencies to deploy specific security configurations to reduce cyber-risk.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild
Draft National Response Plan Offers Flexible Coordination Strategies Across SectorsA draft update to the National Cyber Incident Response Plan aims to enhance federal coordination with both the public and private sectors to better address significant cyber incidents, establishing clear roles for federal cyber entities and emphasizing efficient threat response measures.
CISA has warned U.S. federal agencies to secure their systems against ongoing attacks targeting a high-severity Windows kernel vulnerability. [...]
CISA and EPA have published guidance for operators of water and wastewater systems to protect against cyber-attacks