Collaborate Disseminate
A state-sponsored threat actor has managed to compromise Cisco Adaptive Security Appliances (ASA) used on government networks across the globe and use two zero-day vulnerabilities (CVE-2024-20353, CVE-2024-20359) to install backdoors on them, Cisco Tal… Continue reading Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359)
U.S. agencies want to secure the Border Gateway Protocol, but experts question whether their approach could worsen security.
The post FCC wants rules for ‘most important part of the internet you’ve probably never heard of’ appeared first on CyberScoop.
Protobom is an open-source software supply chain tool that enables all organizations, including system administrators and software development communities, to read and generate Software Bill of Materials (SBOMs), file data, and translate this data acro… Continue reading Protobom: Open-source software supply chain tool
The OpenJS Foundation has headed off a “credible takeover attempt” similar to the one that resulted in a backdoor getting included in the open-source XZ Utils package by someone who called themselves “Jia Tan”. This malicious ma… Continue reading New open-source project takeover attacks spotted, stymied
The US government says Midnight Blizzard’s compromise of Microsoft corporate email accounts “presents a grave and unacceptable risk to federal agencies.”
The post US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microso… Continue reading US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft
CyberScoop first reported on the existence of the directive, which calls the pilfered emails “a grave and unacceptable risk to agencies.”
The post CISA emergency directive tells agencies to fix credentials after Microsoft breach appeared first on CyberScoop.
Continue reading CISA emergency directive tells agencies to fix credentials after Microsoft breach
The US government issues a red-alert for what appears to be a massive supply chain breach at Sisense, a company that sells big-data analytics tools.
The post Sisense Data Breach Triggers CISA Alert and Urgent Calls for Credential Resets appeared first … Continue reading Sisense Data Breach Triggers CISA Alert and Urgent Calls for Credential Resets
Business intelligence / data analytics software vendor Sisense has apparently suffered a data breach that spurred the company and the US Cybersecurity and Infrastructure Security Agency to push the company’s customers to “reset credentials … Continue reading CISA warns about Sisense data breach
CISA’s Malware Next-Gen system is now available for any organization to submit malware samples and other suspicious artifacts for analysis.
The post CISA Releases Malware Next-Gen Analysis System for Public Use appeared first on SecurityWeek.
Continue reading CISA Releases Malware Next-Gen Analysis System for Public Use
On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn’t marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro̵… Continue reading Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988)