Cybersecurity and Infrastructure Security Agency – Page 2

Trump Fires Security Chief Christopher Krebs

Posted on November 18, 2020 by BrianKrebs

President Trump on Tuesday fired his top election security official Christopher Krebs (no relation). The dismissal came via Twitter two weeks to the day after Trump lost an election he baselessly claims was stolen by widespread voting fraud. Continue reading Trump Fires Security Chief Christopher Krebs→

Microsoft Warns Threat Actors Continue to Exploit Zerologon Bug

Posted on October 30, 2020 by Elizabeth Montalbano

Tech giant and feds this week renewed their urge to organizations to update Active Directory domain controllers. Continue reading Microsoft Warns Threat Actors Continue to Exploit Zerologon Bug→

Microsoft Warns Threat Actors Continue to Exploit Zerologon Bug

Posted on October 30, 2020 by Elizabeth Montalbano

Tech giant and feds this week renewed their urge to organizations to update Active Directory domain controllers. Continue reading Microsoft Warns Threat Actors Continue to Exploit Zerologon Bug→

DHS Issues Dire Patch Warning for ‘Zerologon’

Posted on September 21, 2020 by Tom Spring

The deadline looms for U.S. Cybersecurity and Infrastructure Security Agency’s emergency directive for federal agencies to patch against the so-called ‘Zerologon’ vulnerability. Continue reading DHS Issues Dire Patch Warning for ‘Zerologon’→

CISA Emergency Directive Orders Immediate Fix of Windows DNS Server Bug

Posted on July 17, 2020 by Elizabeth Montalbano

An emergency directive orders some federal agencies to apply Microsoft’s patch for a critical DNS vulnerability by Friday, July 17 at 2 p.m. (ET). Continue reading CISA Emergency Directive Orders Immediate Fix of Windows DNS Server Bug→

Department of Homeland Security Cybersecurity: Top 10 Vulnerabilities Still Being Exploited

Posted on May 28, 2020 by April Downey

The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS CISA) recently released a list of the top 10 most commonly exploited software vulnerabilities across the last four years.
Apache Struts was the second most a… Continue reading Department of Homeland Security Cybersecurity: Top 10 Vulnerabilities Still Being Exploited→

Now you need a notarized document to get a .gov domain

Posted on March 9, 2020 by Danny Bradbury

The US government is tightening its rules around the registration of government web domains to stop fraudsters impersonating government sites. Continue reading Now you need a notarized document to get a .gov domain→

U.S. Govt. Makes it Harder to Get .Gov Domains

Posted on March 7, 2020 by BrianKrebs

The federal agency in charge of issuing .gov domain names is enacting new requirements for validating the identity of people requesting them. The additional measures come less than four months after KrebsOnSecurity published research suggesting it was relatively easy for just about anyone to get their very own .gov domain.

In November’s piece It’s Way Too Easy to Get a .gov Domain Name, an anonymous source detailed how he obtained one by impersonating an official at a small town in Rhode Island that didn’t already have its own .gov. Continue reading U.S. Govt. Makes it Harder to Get .Gov Domains→

Ransomware attack forces 2-day shutdown of natural gas pipeline

Posted on February 20, 2020 by Lisa Vaas

The attacker(s) infected both IT and operational networks with an unspecified ransomware strain, though the facility never lost control. Continue reading Ransomware attack forces 2-day shutdown of natural gas pipeline→

CISA Pushing U.S. Agencies to Adopt Vulnerability Disclosure Policies

Posted on December 2, 2019 by Lindsey O'Donnell

A newly proposed CISA directive would require all U.S. agencies to develop and implement vulnerability disclosure processes for their internet connected systems. Continue reading CISA Pushing U.S. Agencies to Adopt Vulnerability Disclosure Policies→