Headlines

Samsung Phone Flaws: A Deep Dive into the CISA ‘Must Patch’ List and Spyware Vulnerabilities

Mobile & Wireless: Samsung Phone Flaws Added to CISA ‘Must Patch’ List Likely Exploited by Spyware Vendor. Overview: The US Cybersecurity and Infrastructure Security Agency (CISA) has recently added six vulnerabilities affecting Samsung smartphones to its Known Exploited Vulnerabilities Catalog. These vulnerabilities, which were patched by Samsung in 2021, are believed to have been exploited…


In Defense of Rapid Remediation: CISA’s Call for Urgency in Securing Exposed Government Devices

Internet-Exposed Government Devices Raise Security Concerns. Government networks have been found to have hundreds of devices with remote management interfaces exposed on the open web, raising serious concerns about cybersecurity vulnerabilities. The Cybersecurity and Infrastructure Security Agency (CISA) has issued a directive, Binding Operational Directive (BOD) 23-02, aimed at eliminating these internet-exposed management interfaces on…


Securing CI/CD Environments: Insights from CISA and NSA Guidance

Guidance on Securing CI/CD Environments. Introduction: The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have joined forces to provide guidance for organizations on how to secure continuous integration and continuous delivery (CI/CD) pipelines against malicious attacks. CI/CD is a crucial component of the DevSecOps approach, which aims to integrate automation…


Uncovering the Exploited Vulnerability in Zyxel NAS: CISA’s Latest Findings

Malware & Threats: CISA Warns of Exploited Vulnerability in Zyxel NAS Products. Background: The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a critical vulnerability that has been exploited in attacks on Zyxel network-attached storage (NAS) products. Zyxel, a Taiwanese device manufacturer, published an advisory last week stating that its NAS326,…


The Hunt for Cl0p: CISA and FBI Put $10M Bounty on Ransomware Gang’s Head

The Hunt for the Cl0p Ransomware Gang. The Collaborative Effort: The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have joined forces to combat the notorious Cl0p ransomware gang. This Russian cybercriminal group has terrorized numerous victims, including agencies within the United States government itself. To encourage individuals to come…


“Securing Critical Infrastructure: CISA and NSA Join Forces to Strengthen Baseboard Management Controllers”

CISA and NSA Publish New Guidance on Hardening Baseboard Management Controllers (BMCs). Introduction: The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have recently released new guidance aimed at helping organizations strengthen the security of their baseboard management controllers (BMCs). A BMC is a specialized service processor typically found on motherboards,…


Federal Agencies Receive Directive from CISA to Secure Internet-Exposed Devices

Government: CISA Instructs Federal Agencies to Secure Internet-Exposed Devices. The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a new directive, titled “Binding Operational Directive 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces,” that requires federal agencies to secure the network management interfaces of certain classes of devices. The directive aims to address the…


Former CISA Chief Warns of Foreign and Domestic Interference in 2024 Election

The Growing Threats of Foreign and Domestic Meddling in 2024 Presidential Race. The former director of the Cybersecurity and Infrastructure Security Agency (CISA), Chris Krebs, warned that the 2024 presidential election would be more active for foreign and domestic meddling than the 2020 election. According to Krebs, he expects countries such as Russia, China, and Iran…


Congress weaves a new technological web for CISA, with expanded role for satellite and open source software oversight

Expansion of CISA’s Role in Cybersecurity and Infrastructure Security. Introduction: The Cybersecurity and Infrastructure Security Agency (CISA) has been given new responsibilities to protect the U.S. critical infrastructure, safeguard open-source software, and expand the cybersecurity workforce. The Senate Homeland Security and Governmental Affairs Committee advanced four bills that would require CISA to maintain a commercial…


BianLian Cybercrime Group Adapts Extortion Tactic, Eluding CISA’s Awareness

BianLian Ransomware Group Shifts to Data Exfiltration-Based Extortion Tactics. Introduction: The US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Australian Cyber Security Centre (ACSC) have issued an advisory warning organizations about the ransomware developer and data extortion group, BianLian. The group has been active since 2022, and has…
