CISA Introduces Secure-by-design and Secure-by-default Development Principles

On April 13, 2023, CISA released a set of guidelines for creating cybersecurity products with security-by-design and security-by-default. These principles were established as part of the National Cybersecurity Strategy on March 1, 2023, and were developed jointly by CISA, NSA, FBI, and various international security agencies such as those from Australia, Canada, and the UK.… 

Google, CISA Warn of Android Flaw After Reports of Chinese App Zero-Day Exploitation

Android is the world’s most popular mobile operating system, but a vulnerability affecting it has recently been exploited as a zero-day by a Chinese application. On March 21, Google suspended the popular Chinese shopping application Pinduoduo after malware was discovered in versions of the app distributed through other websites. Chinese researchers reported observing malicious behavior… 

CISA Publishes New Guidance for Achieving Zero Trust Maturity

This week, the US Cybersecurity and Infrastructure Security Agency (CISA) published an updated version of its guidance on how to achieve zero trust maturity. Zero trust is an approach to security that assumes that a breach has already occurred and is based on the idea that no user or asset should be trusted. The goal… 

Veritas Vulnerabilities Exploited in Ransomware Attacks Added to CISA ‘Must Patch’ List

The US Cybersecurity and Infrastructure Security Agency (CISA) has recently ordered federal agencies to patch three Veritas Backup Exec vulnerabilities, which have been exploited in ransomware attacks. The three vulnerabilities, tracked as CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878, were all identified in the SHA Authentication scheme of the Veritas Backup Exec agent and could allow an attacker… 

How CISA Helps Secure a Nation’s Crown Jewels

What is Critical Infrastructure and Why is It Attacked? Critical infrastructure is the physical and digital assets, systems and networks that are vital to national security, the economy, public health, or safety. It can be government- or privately-owned, making it a preferred target for cyber attacks due to its potential for significant disruption. Attacks on… 

Zimbra Flaw Exploited by Russia Against NATO Countries Added to CISA ‘Must Patch’ List

The Zimbra vulnerability utilized by Russian hackers in attacks against NATO countries has been included in the ‘Must Patch’ list by the US Cybersecurity and Infrastructure Security Agency (CISA). The flaw, tracked as CVE-2022-27926 (CVSS score of 6.1), is described as a reflected cross-site scripting (XSS) bug in Zimbra Collaboration version 9.0. It could allow… 

CISA Ships ‘Untitled Goose Tool’ to Hunt for Microsoft Azure Cloud Infections

The U.S. government’s cybersecurity agency CISA has joined the effort to assist network defenders in identifying any indications of breach within Microsoft’s Azure and M365 cloud deployments. The agency rolled out a free hunt and incident response utility called Untitled Goose Tool that offers novel authentication and data gathering methods to manage a full investigation… 

CISA Gets Proactive With New Pre-Ransomware Alerts

Recent reports from the US Cybersecurity and Infrastructure Security Agency (CISA) indicate the organization has been working to alert organizations of early-stage ransomware attacks. Through their proactive cyber defense capability, pre-ransomware notifications, CISA has notified more than 60 organizations since the start of the year. These warnings enable organizations to evict threat actors from their…