CISA, NSA, and Partners Release New Guidance on Securing the Software Supply Chain
11/09/2023 07:00 AM EST Today, CISA, the National Security Agency (NSA), and partners released Securing the Software Supply Chain: Recommended Practices for Software Bill of Materials Consumption. Developed through the Enduring Security Framework (ESF), this guidance provides software developers and suppliers with …
Tag Archives: guidance
CISA Releases Guidance for Addressing Citrix NetScaler ADC and Gateway Vulnerability CVE-2023-4966, Citrix Bleed
11/07/2023 07:00 AM EST Today, CISA, in response to active, targeted exploitation, released guidance for addressing Citrix NetScaler ADC and Gateway vulnerability CVE-2023-4966. The vulnerability, also known as Citrix Bleed, could allow a cyber actor to take control of an affected …
FEMA and CISA Release Joint Guidance on Planning Considerations for Cyber Incidents
11/07/2023 01:00 PM EST Today, the Federal Emergency Management Agency (FEMA) and the Cybersecurity and Infrastructure Security Agency (CISA) released the joint guide Planning Considerations for Cyber Incidents: Guidance for Emergency Managers to provide state, local, tribal, and territorial (SLTT) emergency managers with …
CISA Updates Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities
11/01/2023 Today, CISA updated its guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI). The guidance now notes that Cisco has fixed these vulnerabilities for the 17.3 Cisco IOS XE software release train with version …
CISA Updates Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities
10/24/2023 09:30 AM EDT Today, CISA updated its guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI). The guidance now notes that Cisco has fixed these vulnerabilities for the 17.9 Cisco IOS XE software …
CISA Releases Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities
10/20/2023 08:00 AM EDT Today, CISA, in response to active, widespread exploitation, released guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI). An unauthenticated remote actor could exploit these vulnerabilities to take control of …
CISA, NSA, FBI, and MS-ISAC Release Phishing Prevention Guidance
10/18/2023 08:00 AM EDT Today, the Cybersecurity Infrastructure and Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint guide, Phishing Guidance: Stopping the Attack Cycle at Phase One. The …
CISA, FBI, NSA, and Treasury Release Guidance on OSS in IT/ICS Environments
10/10/2023 12:00 PM EDT Today, CISA, the Federal Bureau of Investigation, the National Security Agency, and the U.S. Department of the Treasury released guidance on improving the security of open source software (OSS) in operational technology (OT) and industrial control systems (ICS). In …
CISA and NSA Release New Guidance on Identity and Access Management
10/04/2023 08:00 AM EDT Today, CISA and the National Security Agency (NSA) published Identity and Access Management: Developer and Vendor Challenges, authored by the Enduring Security Framework (ESF), a CISA- and NSA-led working panel that includes a public-private cross-sector partnership. ESF aims to address …
CISA Releases Capacity Enhancement Guide to Strengthen Agency Resilience to DDoS Attack
09/06/2023 11:08 AM EDT CISA has released actionable guidance for Federal Civilian Executive Branch (FCEB) agencies to help them evaluate and mitigate the risk of volumetric distributed denial-of-service (DDoS) attacks against their websites and related web services. The Capacity Enhancement Guide: Volumetric DDoS …