Tag: cisa
-
CISA Releases Executive Guide on SIEM and SOAR Platforms for Rapid Threat Detection
In today’s rapidly evolving threat landscape, Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms have become foundational to organizational cybersecurity strategies. SIEM platforms collect, centralize, and analyze log data from diverse sources, such as endpoints, servers, cloud services, and network devices, using correlation rules and filters to detect anomalous…
-
CISA Publishes ICS Advisories Highlighting New Vulnerabilities and Exploits
Tags: access, cisa, control, cyber, cybersecurity, exploit, government, infrastructure, service, tool, vulnerability
On May 27, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released a new Industrial Control Systems (ICS) advisory, ICSA-25-146-01, highlighting a significant security vulnerability in the Johnson Controls iSTAR Configuration Utility (ICU) Tool. This tool is widely deployed for configuring and managing access control systems across critical infrastructure sectors, including commercial facilities, energy, government…
-
Salt Typhoon Believed to Be Behind Commvault Data Breach
Tags: advisory, backup, breach, china, cisa, cloud, credentials, data, data-breach, group, hacking, infrastructure, microsoft, threat, vulnerability
CISA Advisory Says Threat Actors Stole App Secrets in Azure-Hosted Backup Platform. A suspected Chinese state hacking group linked to last year’s telecom intrusions breached Commvault’s Microsoft Azure environment, exposing sensitive Microsoft 365 credentials and reigniting fears over U.S. cloud infrastructure vulnerabilities and default security settings. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/salt-typhoon-believed-to-be-behind-commvault-data-breach-a-28496
-
CISA Warns of Attacks Targeting Commvault SaaS Environment
A threat actor has gained access to Microsoft 365 environments of a small number of customers of Commvault’s Metallic service. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/cisa-warns-attacks-commvault-saas-environment
-
CISA loses nearly all top officials as purge continues
Most of the leaders of the agency’s operating divisions and regional offices have left or will leave this month amid the Trump administration’s aggressive government-downsizing campaign. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-senior-official-departures/748992/
-
Unsophisticated Actors, Poor Hygiene Prompt CI Alert for Oil Gas
An alert from CISA, FBI, EPA and DOE came after CISA observed attacks by “unsophisticated” cyber actors leveraging “basic and elementary intrusion techniques” against ICS/SCADA systems. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/unsophisticated-actors-poor-hygiene-prompt-ci-alert-for-oil-gas/
-
AI data security best practices outlined by CISA and partners
First seen on scworld.com Jump to article: www.scworld.com/news/ai-data-security-best-practices-outlined-by-cisa-and-partners
-
CISA warns of attacks on Commvault’s Microsoft Azure environment
First seen on scworld.com Jump to article: www.scworld.com/news/cisa-warns-of-attacks-on-commvaults-microsoft-azure-environment
-
Commvault clients should beware of campaign targeting cloud applications, CISA says
CISA weighed in on a cyberthreat to Commvault customers that the data management giant had reported in multiple blog posts earlier this year. First seen on therecord.media Jump to article: therecord.media/commvault-clients-cloud-applications-cyberthreat-cisa-alert
-
CISA Alerts on Threat Actors Targeting Commvault Azure App to Steal Secrets
Tags: advisory, backup, cisa, cloud, cyber, cybersecurity, data, exploit, infrastructure, microsoft, service, software, threat, vulnerability, zero-day
On May 22, 2025, Commvault, a leading enterprise data backup provider, issued an urgent advisory regarding active cyber threat activity targeting its Metallic software-as-a-service (SaaS) application, which is hosted in the Microsoft Azure cloud environment. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed that threat actors exploited a zero-day vulnerability (CVE-2025-3928) in Commvault’s web…
-
CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud Misconfigs
Tags: attack, backup, cisa, cloud, cyber, cybersecurity, exploit, infrastructure, microsoft, monitoring, saas, service, software, threat
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday revealed that Commvault is monitoring cyber threat activity targeting applications hosted in their Microsoft Azure cloud environment. “Threat actors may have accessed client secrets for Commvault’s (Metallic) Microsoft 365 (M365) backup software-as-a-service (SaaS) solution, hosted in Azure,” the agency said. “This First seen on thehackernews.com Jump to…
-
Response to CISA Advisory (AA25-141B): Threat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from Organizations
AttackIQ has updated an existing assessment template in response to the CISA Advisory (AA25-141B) published on May 21, 2025, which disseminates Tactics, Techniques and Procedures (TTPs) and Indicators of Compromise (IOCs), associated with threat actors deploying the LummaC2 information stealer malware, identified through FBI investigations as recent as May 2025. First seen on securityboulevard.com Jump…
-
U.S. CISA adds a Samsung MagicINFO 9 Server flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Samsung MagicINFO 9 Server vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Samsung MagicINFO 9 Server vulnerability, tracked as CVE-2025-4632 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is an improper limitation of a pathname…
-
Russia’s Fancy Bear Targeting Logistics, IT Firms
The mission is to gather information that could help Russia in its war against Ukraine. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/cisa-russia-fancy-bear-targeting-logistics-it-firms
-
Russia-linked APT28 targets western logistics entities and technology firms
CISA warns Russia-linked group APT28 is targeting Western logistics and tech firms aiding Ukraine, posing an elevated threat to supply chains. Russia-linked cyberespionage group APT28 intensifies its operations against Western logistics and technology companies moving supplies into Ukraine, US CISA warns. The APT28 group (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) has been active since at least 2007 and it…
-
An End to Bad Software
Tags: cisa, ciso, cyber, cyberattack, infrastructure, nis-2, resilience, risk, software, update, vulnerability
Software security begins with the vendor, not the user. The statements of Jen Easterly, director of the US federal agency CISA (Cybersecurity and Infrastructure Security Agency) until January 2025, get to the point: “Secure software is not cheap or easy to implement, but it is the only viable way to protect IT systems sustainably.” In the past, Easterly also repeatedly drew…
-
U.S. CISA adds Ivanti EPMM, MDaemon Email Server, Srimax Output Messenger, Zimbra Collaboration, and ZKTeco BioTime flaws to its Known Exploited Vulnerabilities catalog
Tags: cisa, cybersecurity, email, exploit, flaw, google, infrastructure, ivanti, kev, router, sap, vulnerability
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti EPMM, MDaemon Email Server, Srimax Output Messenger, Zimbra Collaboration, and ZKTeco BioTime flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium, DrayTek routers, and SAP NetWeaver flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions…
-
Chrome Vulnerability Is Currently Being Actively Exploited
A security vulnerability in Google Chrome that became known in early May is currently being actively exploited, the US security agency CISA warns. Users should update as soon as possible. First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/schwachstelle-in-chrome-wird-derzeit-aktiv-ausgenutzt
-
Senators question Noem about CISA cuts, but get few details
Homeland Security Secretary Kristi Noem declined to provide specifics on what would be removed from the nation’s leading cybersecurity agency in light of the Trump administration’s proposed $491 million budget cut to the organization. First seen on therecord.media Jump to article: therecord.media/noem-cisa-cuts-senate-hearing
-
High-profile CISA departure adds to agency’s struggles
Tags: cisa
The Trump administration’s workforce purge is sapping CISA of its best talent, experts say. CISA deputy Matt Hartman is the latest to leave the agency. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-matt-hartman-leaving-trump-workforce-downsizing/748639/
-
CISA Includes MDaemon Email Server XSS Flaw in KEV Catalog
Tags: cisa, cve, cyber, cybersecurity, email, exploit, flaw, infrastructure, kev, malicious, vulnerability, xss
Cybersecurity and Infrastructure Security Agency (CISA) has added a cross-site scripting (XSS) vulnerability affecting MDaemon Email Server to its Known Exploited Vulnerabilities (KEV) Catalog on May 19, 2025. This critical addition, identified as CVE-2024-11182, highlights a security flaw that allows attackers to inject malicious JavaScript code via crafted HTML emails. Federal agencies now have until…
-
CISA Adds Actively Exploited Ivanti EPMM Zero-Day to KEV Catalog
Tags: authentication, cisa, cve, cyber, cybersecurity, endpoint, exploit, flaw, infrastructure, ivanti, kev, mobile, open-source, remote-code-execution, vulnerability, zero-day
Cybersecurity and Infrastructure Security Agency (CISA) has added two critical zero-day vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The flaws CVE-2025-4427 and CVE-2025-4428 enable authentication bypass and remote code execution, respectively, and stem from insecure implementations of widely used open-source…
-
CISA has a new No. 2 … but still no official top dog
Brain drain, budget cuts, constant cyberthreats – who wouldn’t want this job? First seen on theregister.com Jump to article: www.theregister.com/2025/05/19/cisa_deputy_director_gottumukkala/
-
CISA has a new No. 2 – but still no official top dog
Brain drain, budget cuts, and constant cyberthreats – who wouldn’t want this job? First seen on theregister.com Jump to article: www.theregister.com/2025/05/19/cisa_deputy_director_gottumukkala/
-
S. Dakota CIO Gottumukkala Signs on as CISA Deputy Director
The addition is an important hire for the No. 2 position at the cyber agency. The main director role remains unfilled post-Easterly, with Bridget Bean taking over acting duties for now. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/gottumukkala-cisa-deputy-director
-
Federal cyber workforce training institute eyed in bipartisan House bill
The legislation comes amid DOGE-fueled cuts to CISA and warnings from lawmakers that Trump administration policies will cripple federal cyber recruiting. First seen on cyberscoop.com Jump to article: cyberscoop.com/federal-cyber-workforce-training-house-bill/

