Tag: cisa
-
OffensiveCon25 Frame By Frame, Kernel Streaming Keeps Giving Vulnerabilities
Authors/Presenters: Angelboy. Our sincere appreciation to OffensiveCon by Binary Gecko, and the Presenters/Authors for publishing their outstanding OffensiveCon 2025 video content. Originating from the conference’s events located at the Hilton Berlin; and via the organization’s YouTube channel. Thanks and a Tip O’ The Hat to Verification Labs :: Penetration Testing Specialists :: Trey Blalock GCTI,…
-
U.S. CISA adds ASUS RT-AX55 devices, Craft CMS, and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds ASUS RT-AX55 devices, Craft CMS, and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added ASUS RT-AX55 devices, Craft CMS, and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: Last…
-
Massive CISA cuts detailed in new budget proposal
Tags: cisa First seen on scworld.com Jump to article: www.scworld.com/brief/massive-cisa-cuts-detailed-in-new-budget-proposal
-
Trump’s 2026 Budget Guts CISA: Nearly 30% of Jobs and $500M on the Chopping Block
Trump’s 2026 budget proposal seeks to cut nearly 30% of CISA’s workforce and $495M from its budget, slashing key cyber defense and election security programs. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/trump-2026-budget-cuts-cisa/
-
OffensiveCon25 Chainspotting 2: The Unofficial Sequel to the 2018 Talk “Chainspotting”
Author/Presenter: Ken Gannon. Our sincere appreciation to OffensiveCon by Binary Gecko, and the Presenters/Authors for publishing their outstanding OffensiveCon 2025 video content. Originating from the conference’s events located at the Hilton Berlin; and via the organization’s YouTube channel. Thanks and a Tip O’ The Hat to Verification Labs :: Penetration Testing Specialists :: Trey Blalock…
-
ConnectWise ScreenConnect Vulnerability Exploited: CISA
CISA warned that the ConnectWise ScreenConnect vulnerability is being exploited by threat actors to perform ViewState code injection attacks. First seen on crn.com Jump to article: www.crn.com/news/security/2025/connectwise-screenconnect-vulnerability-exploited-cisa
-
Trump’s cyber nominees gain broad industry support
CISA director and national cyber director nominees could transform how the federal government engages with the private sector on cybersecurity issues. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/trump-cyber-sean-plankey-cairncross-nominees-endorsements/749663/
-
CISA warns of ConnectWise ScreenConnect bug exploited in attacks
CISA is alerting federal agencies in the U.S. of hackers exploiting a recently patched ScreenConnect vulnerability that could lead to executing remote code on the server. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-of-connectwise-screenconnect-bug-exploited-in-attacks/
-
Trump Budget Plan to Cut Nearly 1000 Jobs at Cyber Agency CISA
CISA is facing $495m budget cut, losing 1000 employees and reducing staff to 2324 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/trump-cut-nearly-1000-jobs-cisa/
-
CISA Alerts on ConnectWise ScreenConnect Authentication Vulnerability Actively Exploited
Tags: attack, authentication, cisa, cve, cyber, exploit, flaw, injection, remote-code-execution, vulnerability A critical improper authentication vulnerability has been discovered in ConnectWise ScreenConnect, tracked as CVE-2025-3935 and mapped to CWE-287 (Improper Authentication). This flaw affects all ScreenConnect versions up to and including 25.2.3, exposing them to ViewState code injection attacks that could result in remote code execution (RCE) if machine keys are compromised. Technical Details: Vulnerability Summary…
-
US cyber agency CISA faces stiff budget cuts
CISA is one of several US agencies facing drastic budget cuts under the Trump administration First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366625236/US-cyber-agency-CISA-faces-stiff-budget-cuts
-
Threat Intelligence Platforms: A Buyer's Guide
Tags: ai, attack, automation, breach, cisa, cloud, crowdstrike, cyber, cyberattack, dark-web, deep-fake, dns, edr, exploit, finance, firewall, gartner, identity, incident response, intelligence, mail, malware, monitoring, network, open-source, phishing, risk, siem, soar, soc, threat, tool, vulnerability, zero-day Threat intelligence platforms make it easier to understand threats and take effective countermeasures. The first step toward a solid enterprise security program is selecting a suitable threat intelligence platform (TIP). Without such a platform, most security teams have no way to integrate tool components with one another and to develop appropriate tactics and processes for securing networks, servers, applications and endpoints. Current threat trends make…
-
OffensiveCon25 Fighting Cavities: Securing Android Bluetooth By Red Teaming
Authors/Presenters: Jeong Wook Oh, Rishika Hooda and Xuan Xing. Our sincere appreciation to OffensiveCon by Binary Gecko, and the Presenters/Authors for publishing their outstanding OffensiveCon 2025 video content. Originating from the conference’s events located at the Hilton Berlin; and via the organization’s YouTube channel. Thanks and a Tip O’ The Hat to Verification Labs ::…
-
Trump Homeland Security Budget Guts CISA Staff, Key Programs
DHS Budget Proposal Reduces CISA’s Operational Core Amid Growing Global Threats. The Trump administration’s 2026 Homeland Security Department budget would cut $500 million from the Cybersecurity and Infrastructure Security Agency, eliminating over a third of its staff and gutting key programs central to federal cybersecurity and private sector engagement efforts. First seen on govinfosecurity.com Jump…
-
More contextualized CISA KEV catalog pushed
First seen on scworld.com Jump to article: www.scworld.com/brief/more-contextualized-cisa-kev-catalog-pushed
-
OffensiveCon25 Hunting For Overlooked Cookies In Windows 11 KTM And Baking Exploits For Them
Authors/Presenters: Cedric Halbronn and Jael Koh. Our sincere appreciation to OffensiveCon by Binary Gecko, and the Presenters/Authors for publishing their outstanding OffensiveCon 2025 video content. Originating from the conference’s events located at the Hilton Berlin; and via the organization’s YouTube channel. Thanks and a Tip O’ The Hat to Verification Labs :: Penetration Testing Specialists…
-
Trump budget proposal would slash more than 1,000 CISA jobs
The fate of the fiscal 2026 budget blueprint, which includes a $495 million reduction for the agency, is uncertain. First seen on cyberscoop.com Jump to article: cyberscoop.com/trump-budget-proposal-would-slash-more-than-1000-cisa-jobs/
-
Critical Bugs Could Spark Takeover of Widely Used Fire Safety OT/ICS Platform
The unpatched security vulnerabilities in Consilium Safety’s CS5000 Fire Panel could create serious safety issues in environments where fire suppression and safety are paramount, according to a CISA advisory. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/critical-bugs-takeover-fire-safety-ot-ics-platform
-
Trump’s CISA budget lays out deep job cuts, program reductions
Critical infrastructure organizations and small businesses would get less support under the president’s fiscal 2026 funding plan. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-trump-2026-budget-proposal/749539/
-
OffensiveCon25 Pwn2Own Winners Announcement
Authors/Presenters: Brian Gore and Dustin Childs. Our sincere appreciation to OffensiveCon by Binary Gecko, and the Presenters/Authors for publishing their outstanding OffensiveCon 2025 video content. Originating from the conference’s events located at the Hilton Berlin; and via the organization’s YouTube channel. Thanks and a Tip O’ The Hat to Verification Labs :: Penetration Testing Specialists…
-
NSA, CISA Urge Organizations to Secure Data Used in AI Models
New guidance includes a list of 10 best practices to protect sensitive data throughout the AI lifecycle as well as addressing supply chain and data poisoning risks. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/nsa-cisa-gudnceai-secure-data-ai-models
-
CISA Urged to Enrich KEV Catalog with More Contextual Data
Security teams should use vulnerability context alongside KEV lists to prioritize patching, OX argued First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisa-urged-enrich-kev-catalog/
-
CISA’s New SOAR Guidance Shows Where Automation Must Go Next
CISA and ASD’s new SIEM & SOAR guidance reveals challenges with playbook maintenance and paves the way for autonomous SOC automation. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/cisas-new-soar-guidance-shows-where-automation-must-go-next/
-
CISA’s New SIEM Guidance Tackles Visibility and Blind Spots
US, Australian Cyber Agencies Say Visibility Gaps Threaten Detection and Response. The Cybersecurity and Infrastructure Security Agency issued new guidance urging organizations to streamline Security Information and Event Management platform integration by prioritizing impactful log data and reducing blind spots that continue to plague even mature security operations centers. First seen on govinfosecurity.com Jump to…
-
Unmasking ECH: Why DNSthe-Root-of-Trust Holds the Key to Secure Connectivity
Encrypted Client Hello (ECH) has been in the news a lot lately. For some background and relevant and recent content, see: IETF Proposed Standard Cloudflare Blog from 2023 announcing ECH support RSA 2025 talk: ECH: Hello to Enhanced Privacy or Goodbye to Visibility? Corrata White Paper “Living with ECH” Security Now podcast coverage of the…
-
CISA Issues SOAR, SIEM Implementation Guidance
The Cybersecurity and Infrastructure Security Agency (CISA) and Australian Cyber Security Centre (ACSC) recommend that organizations conduct thorough testing and manage costs, which can be hefty, before implementing the platforms. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/cisa-soar-siem-implementation-guidance
-
CISA Releases Dedicated SIEM SOAR Guide for Cybersecurity Professionals
Security Information and Event Management (SIEM) platforms are essential for detecting, analyzing, and responding to cybersecurity threats in real time. However, the effectiveness of a SIEM system depends heavily on the quality and prioritization of logs ingested. This article explores best practices for SIEM log ingestion, technical considerations, and provides a reference table of high-priority…
-
CISA’s Leadership Exodus Continues, Shaking Local Offices
‘It’s Just Totally Destabilizing,’ Staffers Say Amid CISA’s Leadership Exodus. An ongoing exodus of top officials and senior leadership at the Cybersecurity and Infrastructure Security Agency’s regional offices has left staffers increasingly worried about a potential major shift in mission and continued cuts to staff and spending. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/cisas-leadership-exodus-continues-shaking-local-offices-a-28527
-
CISA to shed most of its leaders by month-end
Tags: cisa First seen on scworld.com Jump to article: www.scworld.com/brief/cisa-to-shed-most-of-its-leaders-by-month-end

