HackDig : Dig high-quality web security articles

CISA warns orgs to switch to Exchange Online Modern Auth until October

CISA has urged government agencies and private sector organizations using Microsoft's Exchange cloud email platform to expedite the switch from Basic Authentication legacy authentication methods without multifactor authentication (MFA) support to Modern Authentication alternatives. Basic Auth (proxy authentication) is an HTTP-based auth scheme used by apps to
Publish At:2022-06-29 09:47 | Read:469 | Comments:0 | Tags:Security CISA

CISA-Funded Project Enables Students With Disabilities to Learn Cybersecurity

Cybersecurity workforce development organization CYBER.ORG on Monday announced the launch of Project Access, a national effort to provide cybersecurity education to blind and visually impaired students. Courtesy of the Cybersecurity and Infrastructure Security Agency’s Cybersecurity Education and Training Assistance Program (CETAP) grant, the program will inc
Publish At:2022-06-29 08:04 | Read:338 | Comments:0 | Tags:NEWS & INDUSTRY Training & Certification CISA securi

CISA Calls for Expedited Adoption of Modern Authentication Ahead of Deadline

The US Cybersecurity and Infrastructure Security Agency (CISA) is urging federal agencies and private organizations to switch to Modern Auth in Exchange Online before October 1, 2022. A legacy authentication method, Basic Auth does not support multi-factor authentication and requires that the user’s password is sent with each authentication request. It is use
Publish At:2022-06-29 08:04 | Read:1094 | Comments:0 | Tags:NEWS & INDUSTRY Identity & Access Management & S

CISA Says 'PwnKit' Linux Vulnerability Exploited in Attacks

The US Cybersecurity and Infrastructure Security Agency (CISA) says a Linux vulnerability tracked as CVE-2021-4034 and PwnKit has been exploited in attacks. The flaw, which came to light in January, affects Polkit, a component designed for controlling system-wide privileges in Unix-like operating systems. Polkit is developed by Red Hat, but it’s also used by
Publish At:2022-06-28 16:12 | Read:396 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Vuln

CISA Log4Shell warning: Patch VMware Horizon installations immediately

CISA and the United States Coast Guard Cyber Command (CGCYBER) are warning that the threat of Log4Shell hasn’t gone away. It’s being actively exploited and used to target organisations using VMware Horizon and Unified Access Gateway servers. Log4Shell: what is it? Log4Shell was a zero-day vulnerability in something called Log4j. This open s
Publish At:2022-06-27 07:53 | Read:586 | Comments:0 | Tags:Exploits and vulnerabilities Malwarebytes news exploit log4s

Threat actors continue to exploit Log4Shell in VMware Horizon Systems

The U.S. CISA and the Coast Guard Cyber Command (CGCYBER) warn of attacks exploiting the Log4Shell flaw in VMware Horizon servers. The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER), published a joint advisory to warn of hacking attempts exploiting the Log4Shell flaw in VMware Horizon serve
Publish At:2022-06-24 11:10 | Read:978 | Comments:0 | Tags:APT Breaking News Hacking Security CISA hacking news IT Info

CISA: Log4Shell exploits still being used to hack VMware servers

CISA warned today that threat actors, including state-backed hacking groups, are still targeting VMware Horizon and Unified Access Gateway (UAG) servers using the Log4Shell (CVE-2021-44228) remote code execution vulnerability. Attackers can exploit Log4Shell remotely on vulnerable servers exposed to local or Internet access to move laterally across networks u
Publish At:2022-06-23 17:55 | Read:673 | Comments:0 | Tags:Security exploit CISA hack

Dial 311 for… cybersecurity emergencies?

Members of the Cybersecurity Advisory Committee of CISA (Cybersecurity and Infrastructure Security Agency) have proposed an emergency cybersecurity call line for small and medium-sized businesses (SMBs). Should the proposition be approved, SMBs would be able to call 311 in the event of a cybersecurity incident. CISA’s cyberhygiene subcommittee head,
Publish At:2022-06-23 16:01 | Read:380 | Comments:0 | Tags:Awareness 311 cisa cyber incident emergency line Cybersecuri

Karakurt extortion group: Threat profile

The FBI (Federal Bureau of Investigation), together with CISA (Cybersecurity and Infrastructure Security Agency) and other federal agencies, recently released a joint cybersecurity advisory (CSA) about the Karakurt data extortion group (also known as Karakurt Team and Karakurt Lair). Like RansomHouse, Karakurt doesn’t bother encrypting data. In
Publish At:2022-06-14 13:00 | Read:1118 | Comments:0 | Tags:Cybercrime Accenture Security Advanced Intel AnyDesk Chainal

CISA Clarifies Criteria for Adding Vulnerabilities to 'Must Patch' List

The US Cybersecurity and Infrastructure Security Agency (CISA) has provided clarifications on the criteria for adding vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The KEV catalog was launched in November 2021 with roughly 300 entries. There are now more than 730 entries and the database continues to grow as CISA becomes aware of other
Publish At:2022-06-08 13:11 | Read:415 | Comments:0 | Tags:NEWS & INDUSTRY Risk Management Vulnerabilities Manageme

CISA Warns of Critical Vulnerabilities in Illumina Genetic Analysis Devices

The US Cybersecurity and Infrastructure Security Agency (CISA) this week issued an advisory to warn of critical vulnerabilities in Illumina genetic analysis devices that could allow a remote, unauthenticated attacker to take over an impacted product. The flaws affect Illumina Local Run Manager (LRM), which is used by sequencing instruments designed for c
Publish At:2022-06-03 13:10 | Read:611 | Comments:0 | Tags:ICS/OT NEWS & INDUSTRY Vulnerabilities CISA

CISA adds 41 flaws to its Known Exploited Vulnerabilities Catalog

US Critical Infrastructure Security Agency (CISA) adds 41 new vulnerabilities to its Known Exploited Vulnerabilities Catalog. The Cybersecurity & Infrastructure Security Agency (CISA) has added 41 flaws to its Known Exploited Vulnerabilities Catalog, including recently addressed issues in the Android kernel (CVE-2021-1048 and CVE-2021-0920)
Publish At:2022-05-25 06:33 | Read:1456 | Comments:0 | Tags:Breaking News Security CISA Hacking hacking news information

CISA adds 41 vulnerabilities to list of bugs used in cyberattacks

The Cybersecurity & Infrastructure Security Agency (CISA) has added 41 vulnerabilities to its catalog of known exploited flaws over the past two days, including flaws for the Android kernel and Cisco IOS XR. The added vulnerabilities come from a wide range of years, with the oldest disclosed in 2016 and the most recent being a Cisco IOS XR vulnerability f
Publish At:2022-05-24 14:53 | Read:527 | Comments:0 | Tags:Security CISA cyber

10 ways attackers gain access to networks

A joint multi-national cybersecurity advisory has revealed the top ten attack vectors most exploited by cybercriminals in order to gain access to organisation networks, as well as the techniques they use to gain access. The advisory cites five techniques used to gain leverage: Public facing applications. Anything internet-facing can be a threat if not
Publish At:2022-05-19 09:01 | Read:1173 | Comments:0 | Tags:Hacking business cisa compromise hacking malware phishing vu

VMWare vulnerabilities are actively being exploited, CISA warns

The Cybersecurity & Infrastructure Security Agency has issued an Emergency Directive ED 22-03 and released a Cybersecurity Advisory (CSA) about ongoing, and expected exploitation of multiple vulnerabilities in several VMware products. Chaining unpatched VMware vulnerabilities The title of the advisory is “Threat Actors Chaining Unpatched VMware Vul
Publish At:2022-05-19 09:01 | Read:997 | Comments:0 | Tags:Exploits and vulnerabilities cisa cve-2022-22954 cve-2022-22
