Tag: cisa
-
Noem calls for reauthorization of cyberthreat information sharing law during RSA keynote
Noem also defended reducing the size of CISA, postponing the creation of a new headquarters for the agency and making other funding cuts or program changes at the organization. First seen on therecord.media. Jump to article: therecord.media/kristi-noem-rsa-keynote-info-sharing-law
-
DHS Secretary Noem: CISA needs to get back to ‘core mission’
In an appearance at the 2025 RSAC Conference, the Homeland Security secretary said the cyber agency was too focused on being the “Ministry of Truth” under the previous administration. First seen on cyberscoop.com. Jump to article: cyberscoop.com/kristi-noem-rsac-2025-cisa-mission/
-
U.S. CISA adds SAP NetWeaver flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SAP NetWeaver flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a SAP NetWeaver flaw, tracked as CVE-2025-31324, to its Known Exploited Vulnerabilities (KEV) catalog. Last week, researchers warned that a zero-day vulnerability, tracked as CVE-2025-31324 (CVSS score of 10/10), in SAP NetWeaver is…
-
RSAC 2025 Sets A Dangerous Precedent for Cybersecurity Leadership
(I posted this on LI, but I like to own my content, so am also posting here.) The cybersecurity community deserves better than what we’re witnessing at RSAC 2025, today. While Kristi Noem delivers today’s keynote, the absence of traditional cybersecurity leaders from agencies like NSA and CISA speaks volumes about shifting priorities in our…
-
CISA tags Broadcom Fabric OS, CommVault flaws as exploited in attacks
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of Broadcom Brocade Fabric OS, Commvault web servers, and Qualitia Active! Mail clients vulnerabilities that are actively exploited in attacks. First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/cisa-tags-broadcom-fabric-os-commvault-flaws-as-exploited-in-attacks/
-
Brocade Fabric OS flaw could allow code injection attacks
Same KEV update included a Commvault flaw: CISA also added a high-severity bug (CVSS 8.7/10) affecting Commvault Web Server to its KEV Catalog, recommending patching under the same BOD directive. The flaw, tracked as CVE-2025-3928, is an unspecified vulnerability that can be exploited by a remote, authenticated attacker to execute webshells. All versions before 11.36.46, 11.32.89,…
-
Broadcom-backed SAN devices face code injection attacks via a critical Fabric OS bug
Same KEV update included a Commvault flaw: CISA also added a high-severity bug (CVSS 8.7/10) affecting Commvault Web Server to its KEV Catalog, recommending patching under the same BOD directive. The flaw, tracked as CVE-2025-3928, is an unspecified vulnerability that can be exploited by a remote, authenticated attacker to execute webshells. All versions before 11.36.46, 11.32.89,…
-
CISA warns about actively exploited Broadcom, Commvault vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) has added three new flaws to its Known Exploited Vulnerabilities catalog on Monday, affecting Commvault … First seen on helpnetsecurity.com. Jump to article: www.helpnetsecurity.com/2025/04/29/cisa-warns-about-actively-exploited-broadcom-commvault-vulnerabilities-cve-2025-1976-cve-2025-3928/
-
U.S. CISA adds Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are…
-
CISA Adds Actively Exploited Broadcom and Commvault Flaws to KEV Database
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two high-severity security flaws impacting Broadcom Brocade Fabric OS and Commvault Web Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerabilities in question are listed below: CVE-2025-1976 (CVSS score: 8.6) – A code injection flaw First…
-
CISA Adds Broadcom Brocade Fabric OS Flaw to Known Exploited Vulnerabilities List
Tags: advisory, cisa, cyber, cybersecurity, exploit, flaw, government, infrastructure, kev, vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent security advisory after adding a critical Broadcom Brocade Fabric OS vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog. The flaw, tracked as CVE-2025-1976, affects Broadcom’s widely deployed Brocade Fabric OS and has drawn increased concern from government and enterprise security teams due to its…
-
Krebs: People should be ‘outraged’ at efforts to shrink federal cyber efforts
At the RSA Conference, former CISA chief Chris Krebs said recent efforts by China-linked hacking groups make it more important than ever to grow the federal cyber workforce. First seen on therecord.media. Jump to article: therecord.media/krebs-outrage-efforts-to-shrink-federal-cyber-workforce
-
Trump moves threaten US cyber defenses, says former CISA director Easterly
First seen on scworld.com. Jump to article: www.scworld.com/brief/trump-moves-threaten-us-cyber-defenses-says-former-cisa-director-easterly
-
Secure by Design is likely dead at CISA. Will the private sector make good on its pledge?
Tags: cisa, cybersecurity, government, office, risk, risk-management, sbom, software, technology, tool
CISA’s Secure by Design effort is ‘tiny’: Not everyone believes in the concept of security by design. Jeff Williams, founder and CTO of Contrast Security and creator of the first OWASP Top 10 list in 2002, told CSO that, in his view, the very first secure-by-design manual was the vaunted August 1983 “Orange Book” produced…
-
Vulnerability in NTLM hashes: CISA warns of active attacks on Windows
First seen on security-insider.de. Jump to article: www.security-insider.de/microsoft-windows-sicherheitsluecke-alarm-cisa-a-b08f28d2e89b157520d6ac9c256fa33b/
-
CISA gets a deputy director as it braces for major layoffs
Madhu Gottumukkala, a state CIO, lacks the homeland security experience of his two predecessors. First seen on cybersecuritydive.com. Jump to article: www.cybersecuritydive.com/news/cisa-deputy-director-madhu-gottumukkala/746371/
-
CISA gets new No. 2: Madhu Gottumukkala
Tags: cisa
He served under then-South Dakota Gov. Kristi Noem, who now heads up the Department of Homeland Security. First seen on cyberscoop.com. Jump to article: cyberscoop.com/cisa-gets-new-no-2-madhu-gottumukkala/
-
Critical bugs in Siemens, Schneider Electric gear top CISA advisory
First seen on scworld.com. Jump to article: www.scworld.com/news/critical-bugs-in-siemens-schneider-electric-gear-top-cisa-advisory
-
10 key questions security leaders must ask at RSA 2025
Tags: access, ai, api, application-security, authentication, automation, business, cisa, ciso, cloud, conference, control, corporate, cve, cyber, cybersecurity, data, defense, detection, edr, endpoint, fido, finance, gartner, google, government, healthcare, infrastructure, microsoft, mitigation, mitre, monitoring, mssp, network, nist, passkey, password, phone, programming, resilience, risk, risk-management, service, software, strategy, switch, threat, tool, training, vulnerability, zero-trust
Is agentic AI more myth than reality?: Building on 2024’s AI enthusiasm, this year will be all about agentic AI, defined as “a type of AI that enables software systems to act autonomously, making decisions and taking actions based on goals, with minimal human intervention,” according to AI itself (source: Google Gemini). We’ll see lots…
-
Is the security reputation of the USA eroding?
Tags: business, ceo, china, cisa, ciso, cybersecurity, cyersecurity, endpoint, exploit, germany, governance, government, intelligence, iran, kaspersky, north-korea, service, strategy, threat, usa
Trump is causing uncertainty when it comes to cybersecurity, too. Now that US President Donald Trump is also punishing cybersecurity companies by executive order for dissenting political positions, quite a few industry experts fear that US security companies could in future fall into similar disrepute as their Russian and Chinese competitors. The central questions are: Can CISOs and their companies still rely on US threat intelligence in future…
-
Oracle hopes talk of cloud data theft dies off. CISA just resurrected it for Easter
Some in the infosec world definitely want to see Big Red crucified. First seen on theregister.com. Jump to article: www.theregister.com/2025/04/18/oracle_cisa_advisory/
-
Cybersecurity Snapshot: NIST Aligns Its Privacy and Cyber Frameworks, While Researchers Warn About Hallucination Risks from GenAI Code Generators
Tags: access, advisory, ai, attack, breach, china, cisa, cisco, ciso, cloud, computer, control, csf, cve, cyber, cyberattack, cybersecurity, data, defense, encryption, espionage, exploit, firmware, framework, governance, government, group, hacker, hacking, healthcare, identity, infrastructure, Internet, LLM, malicious, mfa, mitigation, mitre, network, nist, open-source, password, phishing, privacy, risk, risk-assessment, router, service, software, strategy, supply-chain, technology, threat, tool, update, vulnerability
Check out NIST’s effort to further mesh its privacy and cyber frameworks. Plus, learn why code-writing GenAI tools can put developers at risk of package-confusion attacks. Also, find out what Tenable webinar attendees said about identity security. And get the latest on the MITRE CVE program and on attacks against edge routers. Dive into five…
-
CISA Weighs in on Alleged Oracle Cloud Breach
The agency is recommending that organizations and individuals implement its recommendations to prevent the misuse of stolen data, though Oracle has yet to publicly do the same for its customers. First seen on darkreading.com. Jump to article: www.darkreading.com/cloud-security/cisa-alleged-oracle-cloud-breach
-
Krebs Steps Down from SentinelOne, Vows to Fight Trump Attack
Chris Krebs, the former CISA director who has come under fire from President Trump for refusing to support claims that the 2020 election was tampered with, resigned from his position with cybersecurity vendor SentinelOne, telling employees that “this is my fight, not the company’s.” First seen on securityboulevard.com. Jump to article: securityboulevard.com/2025/04/krebs-steps-down-from-sentinelone-vows-to-fight-trump-attack/
-
U.S. CISA adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog
Tags: apple, cisa, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, ntlm, vulnerability, windows
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple products and Microsoft Windows NTLM vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions of the flaws: This week Apple released out-of-band…