CISA Alert

Response to CISA Advisory (AA24-326A): Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a US Critical Infrastructure Sector Organization

| | adversary emulation, CISA Alert, Critical Infrastructure, cyber resilience, Cybersecurity Advisory (CSA), Red Team Assessment (RTA), Red Teaming
In response to the recently published CISA Advisory (AA24-326A) which highlights the CISA Red Team's simulation of real-world malicious cyber operations, AttackIQ has provided actionable recommendations to help organizations emulate these attacks ...
AttackIQ

Response to CISA Advisory (AA24-317A): 2023 Top Routinely Exploited Vulnerabilities

| | adversary emulation, Broad-Based Attacks, CISA Alert
In response to the recently published CISA Advisory (AA24-317A) that disseminates the top routinely exploited vulnerabilities from 2023, AttackIQ has proposed a multitude of recommendations that customers can take to emulate these ...
AttackIQ

CISA and FBI Issue Alert on XSS Vulnerabilities

| | cisa, CISA Alert, Cross-Site Scripting (XSS), Cross-Site Scripting (XSS) Attacks, Cyber threat landscape, Cybersecurity Best Practices, cybersecurity defense strategies, Cybersecurity Weaknesses, enterprise security, FBI, FBI alert, Linux & Open Source News, secure by design, Secure by Design Alert, Software Security, Vulnerability Management, XSS Vulnerabilities
Cross-site scripting (XSS) vulnerabilities continue to be a major concern in today’s software landscape, despite being preventable. CISA and FBI have issued a Secure by Design alert to reduce the prevalence of ...
TuxCare

CISA Adds Critical Linux Kernel Vulnerability to its KEV Catalog

| | cisa, CISA Alert, cisa known exploited vulnerabilities, CVE-2017-1000253, ImageMagick Vulnerabilities, ImageTragick, KernelCare Enterprise, KernelCare live patches, Known Exploited Vulnerabilities (KEV), Linux & Open Source News, Linux kernel, linux kernel patching, linux kernel vulnerabilities, linux live patching, linux systems, live patching, patch management, privilege escalation vulnerabilities, SonicOS Vulnerability
CISA has issued a warning about three new vulnerabilities that are being actively exploited. These vulnerabilities pose a significant risk to organizations and should be patched immediately. Among them, CVE-2017-1000253 is a ...
TuxCare

Response to CISA Advisory (AA24-241A): Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations

| | adversary emulation, CISA Alert, Defense Industrial Base, education, Financial Services, Fox Kitten, government, Healthcare & Life Sciences, Iran, Lemon Sandstorm, Parisite, Pioneer Kitten, RUBIDIUM, UNC757
AttackIQ has released a new assessment template in response to the CISA Advisory (AA24-241A) published on August 28, 2024. The advisory outlines espionage activity associated with a specific group of Iranian cyber ...
AttackIQ

Response to CISA Advisory (AA24-207A): North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs

| | adversary emulation, CISA Alert, Defense Industrial Base, Energy, North Korea, Professional Services, Resources & Utilities, transportation
AttackIQ has released a new assessment template in response to the CISA Advisory (AA24-207A) published on July 25, 2024, that highlights cyber espionage activity associated with the Democratic People’s Republic of Korea ...
AttackIQ

Response to CISA Advisory (AA24-060A): #StopRansomware: Phobos Ransomware

| | #StopRansomware, adversary emulation, CISA Alert, Phobos, Ransomware, ransomware as a service
AttackIQ has released a new attack graph in response to the CISA Advisory (AA24-060A) published on February 29, 2024, which disseminates known Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) ...
AttackIQ

Response to CISA Advisory (AA24-131A): #StopRansomware: Black Basta

| | #StopRansomware, adversary emulation, Black Basta, Broad-Based Attacks, CISA Alert, Critical Infrastructure, healthcare, Indicators of Compromise (IOCs), Public Health, Ransomware, TTPs
AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA24-131A) which disseminates known Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) associated to Black ...
AttackIQ
Extreme closeup of “TEN” on US$10 note

GitLab ‘Perfect 10’ Bug Gets a CISA Warning: PATCH NOW

| | cisa, CISA Advisories, CISA Advisory, CISA Alert, CISA KEV, cisa known exploited vulnerabilities, cisa known exploited vulnerabilities catalog, CISA Threat Update, CISA warning, CISA.gov, CVE-2023-7028, CVSS10, Cybersecurity Infrastructure Security Administration, GitLab, GitLab Community Edition, GitLab CVE-2023-7028 CVE-2023-5356, GitLab Enterprise Edition, GitLab Patches, GitLab Security, GitLab Vulnerability, NSA/CISA, Password reset, Password reset protection, SB Blogwatch, software supply chain, software supply chain attack, software supply chain attacks, software supply chain risk, Software Supply Chain risks, Supply-Chain Insecurity
Password reset FAILURE: The U.S. Cybersecurity and Infrastructure Security Agency warns GitLab users of a 100-day-old, maximum severity vulnerability ...
Security Boulevard
CISA, cyber threats, Seal of the Cybersecurity & Infrastructure Security Agency

Sisense Hacked: CISA Warns Customers at Risk

| | Amazon Web Services (AWS), aws, AWS access keys, AWS bucket, cisa, CISA Advisories, CISA Advisory, CISA Alert, CISA warning, CISA.gov, depth, NSA/CISA, Sangram Dash, SB Blogwatch, Sisense
A hard-coded credential catastrophe: The analytics firm kept big companies’ secrets in an insecure AWS bucket. Government says victims include the “critical infrastructure sector.” ...
Security Boulevard
Load more