CISA: DHS CISA and UK NCSC Release Joint Guidelines for Secure AI System Development

CISA: DHS CISA and UK NCSC Release Joint Guidelines for Secure AI System Development. “…the U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) today jointly released Guidelines for Secure AI System Development to help developers of any systems that use AI make informed cybersecurity decisions at every stage of the development process.”

FEMA: FEMA and CISA Release First-Ever Cyber Incidents Planning Guidance For Emergency Managers

FEMA: FEMA and CISA Release First-Ever Cyber Incidents Planning Guidance For Emergency Managers. “The new ‘Planning Considerations for Cyber Incidents: Guidance for Emergency Managers’ is a foundational product that provides a roadmap for emergency managers across the nation to plan for swift and effective solutions to address the consequences of a cyber incident.”

CISA: CISA Announces New Release of Logging Made Easy

CISA: CISA Announces New Release of Logging Made Easy. “The Cybersecurity and Infrastructure Security Agency (CISA) announces a new release of Logging Made Easy, a Windows-based, free and open log management solution designed to help organizations more effectively use available security data to detect and address cyber threats.”

CISA: CISA, HHS Release Collaborative Cybersecurity Healthcare Toolkit

CISA: CISA, HHS Release Collaborative Cybersecurity Healthcare Toolkit. “Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) co-hosted a roundtable discussion on the cybersecurity challenges that the U.S. healthcare and public health (HPH) sector system faces, and how government and industry can work together to close the gaps in resources and cyber capabilities. Ahead of the roundtable, CISA and HHS released a cybersecurity tool kit that includes resources tailored for the healthcare and public health sector.”

CISA: CISA, NSA, FBI, and MS-ISAC Release Phishing Prevention Guidance

CISA: CISA, NSA, FBI, and MS-ISAC Release Phishing Prevention Guidance. “Today, the Cybersecurity Infrastructure and Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint guide, Phishing Guidance: Stopping the Attack Cycle at Phase One. The joint guide outlines phishing techniques malicious actors commonly use and provides guidance for both network defenders and software manufacturers to reduce the impact of phishing techniques used in obtaining credentials and deploying malware.”

Cybersecurity & Infrastructure Security Agency: CISA, U.S. and International Partners Announce Updated Secure by Design Principles Joint Guide

Cybersecurity & Infrastructure Security Agency: CISA, U.S. and International Partners Announce Updated Secure by Design Principles Joint Guide. “The Cybersecurity and Infrastructure Security Agency (CISA), along with 17 U.S. and international partners, published an update to ‘Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software’ that includes further detail on key principles, guidance, and is co-sealed by eight additional international cybersecurity agencies…. Initially published in April 2023, this joint guidance urges software manufacturers to take urgent steps necessary to design, develop, and deliver products that are secure by design.”

CISA: CISA, Government, and Industry Partners Publish Fact Sheet for Organizations Using Open Source Software

CISA: CISA, Government, and Industry Partners Publish Fact Sheet for Organizations Using Open Source Software. “The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), National Security Agency (NSA), and U.S. Department of the Treasury published new guidance today on ‘Improving Security of Open Source Software (OSS) in Operational Technology (OT) and Industrial Control Systems (ICS),’ developed in collaboration with industry and government partners through the Joint Cyber Defense Collaborative (JCDC) as part of our 2023 OSS planning initiative.”

CISA: CISA Launches National Public Service Announcement Campaign Encouraging Americans to Take Steps to Keep Themselves and Their Families Safe Online

CISA: CISA Launches National Public Service Announcement Campaign Encouraging Americans to Take Steps to Keep Themselves and Their Families Safe Online. “The campaign includes a public service announcement (PSA) that will air on stations around the country, as well as digital content, a toolkit, and other resources. Recognizing that technology is an integral part of our modern lives, Congress tasked CISA with creating this program to provide small businesses, communities, and individuals with the guidance and tools they need to protect themselves online.”

CISA: CISA Announces Open Source Software Security Roadmap

CISA: CISA Announces Open Source Software Security Roadmap. “The Cybersecurity and Infrastructure Security Agency (CISA) published the Open Source Software Security Roadmap today that articulates how the agency will enable the secure usage of open source software within the federal government and support a healthy, secure, and sustainable global open source software ecosystem.”

Axios: Biden administration hires Twitter security whistleblower

Axios: Biden administration hires Twitter security whistleblower. “Peiter ‘Mudge’ Zatko, the high-profile hacker and Twitter security whistleblower, is joining the Cybersecurity and Infrastructure Security Agency. Why it matters: Zatko’s hire brings more muscle to an agency that lacks — and doesn’t appear to want — regulatory authorities.”

Bleeping Computer: CISA warns of breach risks from IDOR web app vulnerabilities

Bleeping Computer: CISA warns of breach risks from IDOR web app vulnerabilities. “CISA warned today of the significant breach risks linked to insecure direct object reference (IDOR) vulnerabilities impacting web applications in a joint advisory with the Australian Cyber Security Centre (ACSC) and U.S. National Security Agency (NSA). IDOR vulnerabilities are flaws in web apps (or apps that use affected web APIs) that enable attackers to access and manipulate sensitive data by directly referencing internal objects or resources.”

Bleeping Computer: CISA orders agencies to patch iPhone bugs abused in spyware attacks

Bleeping Computer: CISA orders agencies to patch iPhone bugs abused in spyware attacks. “Today, CISA ordered federal agencies to patch recently patched security vulnerabilities exploited as zero-days to deploy Triangulation spyware on iPhones via iMessage zero-click exploits.”

CISA: U.S. and International Partners Release Comprehensive Cyber Advisory on LockBit Ransomware

CISA: U.S. and International Partners Release Comprehensive Cyber Advisory on LockBit Ransomware. “This joint advisory is a comprehensive resource with common tools; exploitations; and tactics, techniques, and procedures (TTPs) used by LockBit affiliates, along with recommended mitigations for organizations to reduce the likelihood and impact of future ransomware incidents.”

CISA: CISA, FBI, NSA, MS-ISAC Publish Updated #StopRansomware Guide

CISA: CISA, FBI, NSA, MS-ISAC Publish Updated #StopRansomware Guide. “The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) today published the #StopRansomware Guide—an updated version of the 2020 guide containing additional recommended actions, resources, and tools.”

CISA: U.S. and International Partners Publish Secure-by-Design and -Default Principles and Approaches

CISA: U.S. and International Partners Publish Secure-by-Design and -Default Principles and Approaches. “This guidance, the first of its kind, is intended to catalyze progress toward further investments and cultural shifts necessary to achieve a safe and secure future. In addition to specific technical recommendations, this guidance outlines several core principles to guide software manufacturers in building software security into their design processes prior to developing, configuring, and shipping their products.”