Tag: cisa
-
LinuxFest Northwest: Beyond ARIA Labels What A Blind Film Enthusiast Can Teach Us About Open Source
Authors/Presenters: José Ibañez (CEO at Blind Penguin), Raissa Ibañez (Manager At Blind Penguin) Our sincere appreciation to LinuxFest Northwest (Now Celebrating Their Organizational 25th Anniversary Of Community Excellence), and the Presenters/Authors for publishing their superb LinuxFest Northwest 2025 video content. Originating from the conference’s events located at the Bellingham Technical College in Bellingham, Washington; and…
-
Bipartisan bill aims to create CISA-HHS liaison for hospital cyberattacks
House Republican Brian Fitzpatrick and others are pushing for legislation to allow CISA and the Department of Health and Human Services to do more in response to cyberthreats against healthcare providers. First seen on therecord.media Jump to article: therecord.media/bill-proposes-cisa-hhs-liaison-hospital-cyberattacks
-
LinuxFest Northwest: Clonezilla Live On RISC-V Crafting Open Source Live Systems For Open Hardware
Authors/Presenters: Steven Shiau (Clonezilla Project Leader); Yu-Chin Tsai (Clonezilla NCHC Partclone); Chen-Kai Sun (Clonezilla Project / Engineer In NCHC) Our sincere appreciation to LinuxFest Northwest (Now Celebrating Their Organizational 25th Anniversary Of Community Excellence), and the Presenters/Authors for publishing their superb LinuxFest Northwest 2025 video content. Originating from the conference’s events located at the Bellingham…
-
LinuxFest Northwest: See How Far COSMIC Has Come This Year
Author/Presenter: Carl Richell (CEO and Founder, System76, Inc.) Our sincere appreciation to LinuxFest Northwest (Now Celebrating Their Organizational 25th Anniversary Of Community Excellence), and the Presenters/Authors for publishing their superb LinuxFest Northwest 2025 video content. Originating from the conference’s events located at the Bellingham Technical College in Bellingham, Washington; and via the organizations YouTube channel.…
-
LinuxFest Northwest: Chaos Testing Of A Postgres Cluster On Kubernetes
Author/Presenter: Nikolay Sivko (Co-Founder And CEO At Coroot) Our sincere appreciation to LinuxFest Northwest (Now Celebrating Their Organizational 25th Anniversary Of Community Excellence), and the Presenters/Authors for publishing their superb LinuxFest Northwest 2025 video content. Originating from the conference’s events located at the Bellingham Technical College in Bellingham, Washington; and via the organizations YouTube channel.…
-
Utility billing provider customers compromised via SimpleHelp exploit
First seen on scworld.com Jump to article: www.scworld.com/brief/cisa-utility-billing-provider-customers-compromised-via-simplehelp-exploit
-
CISA Reveals ‘Pattern’ of Ransomware Attacks Against SimpleHelp RMM
A new Cybersecurity and Infrastructure Security Agency (CISA) advisory warned ransomware actors have been actively exploiting a critical SimpleHelp flaw since January. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/cisa-ransomware-attacks-simplehelp-rmm
-
LinuxFest Northwest: Easy Modular Sensors And Automation
Author/Presenter: Sam Groveman (Research Associate) Our sincere appreciation to LinuxFest Northwest (Now Celebrating Their Organizational 25th Anniversary Of Community Excellence), and the Presenters/Authors for publishing their superb LinuxFest Northwest 2025 video content. Originating from the conference’s events located at the Bellingham Technical College in Bellingham, Washington; and via the organizations YouTube channel. Thanks and a…
-
CISA warns of supply chain risks as ransomware attacks exploit SimpleHelp flaws
The latest confirmed cyber intrusion hit a utility billing software provider and its customers. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/simplehelp-vulnerabilities-cisa-warning/750676/
-
Former CISA and NCSC Heads Warn Against Glamorizing Threat Actor Names
Jen Easterly and Ciaran Martin called for a universal, vendor-neutral cyber threat actor naming system First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/former-cisa-ncsc-threat-actor-names/
-
CISA warns of SimpleHelp ransomware compromises after string of retail attacks
Ransomware gangs leveraged a vulnerability to access unpatched versions of SimpleHelp’s remote monitoring and management tool to disrupt services in double extortion compromises. First seen on therecord.media Jump to article: therecord.media/cisa-warns-of-simplehelp-ransomware-compromises
-
Ransomware Gang Exploits SimpleHelp RMM to Compromise Utility Billing Firm
A CISA advisory urged all software vendors and downstream customers to check if they are impacted by unpatched versions of the SimpleHelp RMM tool First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ransomware-simplehelp-compromise/
-
Updated Response to CISA Advisory (AA23-352A): #StopRansomware: Play Ransomware
AttackIQ has released an updated attack graph in response to the recently revised CISA Advisory (AA23-352A) which disseminates Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) associated with the Play Ransomware group, identified through FBI investigations as recently as May 2025. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/updated-response-to-cisa-advisory-aa23-352a-stopransomware-play-ransomware/
-
LinuxFest Northwest: LFNW 2025: In The Beginning…
Author/Presenter: Jon “maddog” Hall (Board Chair Emeritus: Linux Professional Institute, Founder: Project Cauã, Co-Founder: Caninos Loucos, Technical Advisor: QSentinel, Executive Director: Linux® International®) Our sincere appreciation to LinuxFest Northwest (Now Celebrating Their Organizational 25th Anniversary Of Community Excellence), and the Presenters/Authors for publishing their superb LinuxFest Northwest 2025 video content. Originating from the conference’s events…
-
OffensiveCon25 Keynote: Automating Your Job? The Future Of AI and Exploit Development
Author/Presenter: Perri Adams Our sincere appreciation to OffensiveCon by Binary Gecko, and the Presenters/Authors for publishing their outstanding OffensiveCon 2025 video content. Originating from the conference’s events located at the Hilton Berlin; and via the organizations YouTube channel. Thanks and a Tip O’ The Hat to Verification Labs :: Penetration Testing Specialists :: Trey Blalock…
-
Significant flaws impacting SinoTrack GPS devices
First seen on scworld.com Jump to article: www.scworld.com/brief/cisa-significant-flaws-impacting-sinotrack-gps-devices
-
New Cybersecurity Executive Order: What You Need To Know
Tags: ai, cisa, cloud, communications, compliance, computing, control, cyber, cybersecurity, data, defense, detection, encryption, exploit, fedramp, framework, government, identity, incident response, infrastructure, Internet, iot, network, office, privacy, programming, resilience, risk, service, software, supply-chain, technology, threat, update, vulnerability, vulnerability-management, zero-trust
A new cybersecurity Executive Order aims to modernize federal cybersecurity with key provisions for post-quantum encryption, AI risk and secure software development. On June 6, 2025, the White House released a new Executive Order (EO) aimed at modernizing the nation’s cybersecurity posture. As cyber threats continue to evolve in scale and sophistication, the EO reinforces…
-
OffensiveCon25 KernelGP: Racing Against The Android Kernel
Author/Presenter: Chariton Karamitas Our sincere appreciation to OffensiveCon by Binary Gecko, and the Presenters/Authors for publishing their outstanding OffensiveCon 2025 video content. Originating from the conference’s events located at the Hilton Berlin; and via the organizations YouTube channel. Thanks and a Tip O’ The Hat to Verification Labs :: Penetration Testing Specialists :: Trey Blalock…
-
OffensiveCon25 Breaking The Sound Barrier: Exploiting CoreAudio Via Mach Message Fuzzing
Author/Presenter: Dillon Franke Our sincere appreciation to OffensiveCon by Binary Gecko, and the Presenters/Authors for publishing their outstanding OffensiveCon 2025 video content. Originating from the conference’s events located at the Hilton Berlin; and via the organizations YouTube channel. Thanks and a Tip O’ The Hat to Verification Labs :: Penetration Testing Specialists :: Trey Blalock…
-
OffensiveCon25 Android InWild: Unexpectedly Excavating A Kernel Exploit
Author/Presenter: Seth Jenkins Our sincere appreciation to OffensiveCon by Binary Gecko, and the Presenters/Authors for publishing their outstanding OffensiveCon 2025 video content. Originating from the conference’s events located at the Hilton Berlin; and via the organizations YouTube channel. Thanks and a Tip O’ The Hat to Verification Labs :: Penetration Testing Specialists :: Trey Blalock…
-
CISA, Microsoft warn of Windows zero-day used in attack on ‘major’ Turkish defense org
Check Point attributed the attack to a group known as Stealth Falcon, a hacking group with longstanding ties to the UAE that has been implicated in dozens of spyware cases and hacking incidents involving governments across the Middle East and Africa. First seen on therecord.media Jump to article: therecord.media/microsoft-cisa-zero-day-turkish-defense-org
-
Updated CISA vulnerabilities catalog adds critical Erlang/OTP SSH, Roundcube issues
First seen on scworld.com Jump to article: www.scworld.com/brief/updated-cisa-vulnerabilities-catalog-adds-critical-erlang-otp-ssh-roundcube-issues
-
House committee sets CISA budget cut at $135M, not Trump’s $495M
Tags: cisa
The move indicated at least some resistance to the president’s CISA reduction goal, but Democrats still said that was too steep for the agency’s fiscal 2026 funding legislation. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisa-budget-135m-dhs-2026-house-appropriations/
-
U.S. CISA adds RoundCube Webmail and Erlang Erlang/OTP SSH server flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds RoundCube Webmail and Erlang Erlang/OTP SSH server flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added RoundCube Webmail and Erlang Erlang/OTP SSH server flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: The CVE-2025-32433 flaw is a…
-
CISA Issues Alert on Erlang/OTP SSH Server RCE Vulnerability Under Active Exploitation
Tags: cisa, cve, cyber, cybersecurity, exploit, infrastructure, kev, rce, remote-code-execution, risk, vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical vulnerability in Erlang/OTP SSH server implementations that allows attackers to execute arbitrary commands without authentication. The vulnerability, designated as CVE-2025-32433, has been added to CISA Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation in the wild and posing significant risks…
-
CISA Adds Erlang SSH and Roundcube Flaws to Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two critical security flaws impacting Erlang/Open Telecom Platform (OTP) SSH and Roundcube to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2025-32433 (CVSS score: 10.0) – A missing authentication for a critical First seen…
-
OffensiveCon25 Parser Differentials: When Interpretation Becomes a Vulnerability
Author/Presenter: Joernchen Our sincere appreciation to OffensiveCon by Binary Gecko, and the Presenters/Authors for publishing their outstanding OffensiveCon 2025 video content. Originating from the conference’s events located at the Hilton Berlin; and via the organizations YouTube channel. Thanks and a Tip O’ The Hat to Verification Labs :: Penetration Testing Specialists :: Trey Blalock GCTI,…
-
OffensiveCon25 Entrysign: Create Your Own x86 Microcode for Fun and Profit
Authors/Presenters: Matteo Rizzo, Kristoffer `spq` Janke, Eduardo Vela Nava and Josh Eads Our sincere appreciation to OffensiveCon by Binary Gecko, and the Presenters/Authors for publishing their outstanding OffensiveCon 2025 video content. Originating from the conference’s events located at the Hilton Berlin; and via the organizations YouTube channel. Thanks and a Tip O’ The Hat to…
-
Over 1,000 Employees Departed CISA Since Trump Administration Began
The Cybersecurity and Infrastructure Security Agency (CISA), the U.S. government’s frontline civilian cybersecurity force, has lost nearly one-third of its workforce, roughly 1,000 employees, since the start of the current Trump administration, according to multiple sources and internal communications. This exodus, driven by buyouts, early retirements, and layoffs, has left the agency with approximately 2,200…
-
News brief: CISA and partners face budget overhauls, cuts
Tags: cisa
Check out the latest security news from the Informa TechTarget team. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366625613/News-brief-CISA-and-partners-face-budget-overhauls-cuts

