CISA

VulnCheck Launches Catalog of Known Exploited Vulnerabilities Fused with Exploit Intelligence

Retrieved on: 
Tuesday, February 27, 2024

VulnCheck, the exploit intelligence company, today announced the launch of the VulnCheck Known Exploited Vulnerabilities (KEV) catalog.

Key Points: 
  • Currently, VulnCheck tracks 876 (or 81.04%) more vulnerabilities exploited in the wild than CISA, and alerts customers to missing exploits an average of 27 days before they are added to the CISA KEV catalog.
  • “This is why we decided to offer a community resource that provides broader known exploited vulnerability intelligence and reference materials, all delivered at machine speed.”
  • Key features of VulnCheck’s KEV catalog include:
    Comprehensive CVE Tracking: VulnCheck provides security teams with the largest real-time collection of known exploited vulnerabilities.
  • The catalog includes supplementary external links to exploit content available in VulnCheck XDB, referencing publicly available exploit proof-of-concept code where possible.

Travelers Institute Launches 2024 National Cybersecurity Tour

Retrieved on: 
Monday, February 26, 2024

The Travelers Institute, the public policy division of The Travelers Companies, Inc. (NYSE: TRV), today announced the start of its Cyber: Prepare, Prevent, Mitigate, Restore® 2024 tour schedule.

Key Points: 
  • The overwhelming majority of respondents (81%) believe that having proper cybersecurity controls in place is critical to the well-being of their company.
  • “Cyber risks can cause major operational and financial disruption to an organization, which is why it’s important for businesses – particularly small enterprises – to take preventive measures,” said Joan Woodward, President of the Travelers Institute and Executive Vice President of Public Policy at Travelers.
  • The SBA has made it a priority to help business owners understand the importance of cybersecurity and ways they can safeguard their customers’ data.”
  • Travelers Institute programs are free and open to the public.

CA and TX CISOs and More Explore Key Topics at Billington CyberSecurity’s 1st State and Local Cyber Summit

Retrieved on: 
Thursday, February 22, 2024

Real-time topics that are affecting state and local governments as they face cyber threats will be the focus of the inaugural Billington State and Local CyberSecurity Summit.

Key Points: 
  • “This important conference will help mitigate risk by sharing key learnings about cyber threats impacting state and local governments,” explained Thomas K. Billington, CEO and Founder, Billington CyberSecurity, a leading cyber education company for executives founded in 2010.
  • To help localities better prepare, sessions will explore a variety of critical topics to help protect them.
  • 3/20: Cyber Attack—View from First Responders—Panel examines a real ransomware attack, highlights lessons learned, and provides insights for how state and local officials might better prepare.

NetImpact's DX360°® SaaS Solutions added to DHS CDM Approved Products List

Retrieved on: 
Thursday, March 7, 2024

FALLS CHURCH, Va., March 7, 2024 /PRNewswire/ -- NetImpact Strategies, Inc. (NetImpact) announced today that DHS Cybersecurity and Infrastructure Security Agency (CISA) has added its suite of DX360°® SaaS solutions to the Continuous Diagnostics and Mitigation (CDM) Approved Product List (APL). DX360°® solutions provide clients with a distinctive and secure next-generation digital approach to modernize and transform critical business and functions effectively and efficiently.

Key Points: 
  • CISA's CDM Program provides cybersecurity capabilities that improve the government's security posture, and the APL serves as the authoritative catalog for solutions that meet CDM technical requirements and qualify for CDM implementations.
  • Products and services are only included in the CDM APL upon successful completion of a thorough inspection and vetting process by DHS.
  • CDM APL solutions provide visibility into agency networks and help federal agencies defend against cyber adversaries.

Bryant University and Focus EduSolutions Join Forces to Launch the Cybersecurity Bootcamp and Cybersecurity Upskilling Programs

Retrieved on: 
Thursday, February 29, 2024

WOBURN, Mass., Feb. 29, 2024 /PRNewswire-PRWeb/ -- Smithfield, Rhode Island: Bryant University, in collaboration with Focus EduSolutions, is thrilled to announce the launch of a cutting-edge Cybersecurity Bootcamp program, designed to meet the growing demand for skilled cybersecurity professionals in today's rapidly evolving digital landscape.

Key Points: 
  • Bryant University and Focus EduSolutions have jointly launched a Cybersecurity Bootcamp program to meet the rising demand for skilled cybersecurity professionals.
  • Additionally, the collaboration offers Cybersecurity Fundamentals and Applied Cybersecurity upskilling programs, aiming to empower individuals with the necessary skills to excel in the cybersecurity field.
  • "Focus EduSolutions is excited to partner with Bryant University in launching this innovative Cybersecurity Bootcamp.

Semperis Researchers Discover a New Malicious Variant of the Attack Technique used in the 2020 SolarWinds Breach

Retrieved on: 
Thursday, February 29, 2024

HOBOKEN, N.J., Feb. 29, 2024 /PRNewswire-PRWeb/ -- Semperis, a pioneer in identity-driven cyber resilience, today announced that its security research team has discovered a new variant of the notorious Golden SAML attack technique and dubbed it Silver SAML. Using Silver SAML, threat actors could exploit SAML to launch attacks from an identity provider like Entra ID against applications configured to use the protocol for authentication, such as Salesforce.

Key Points: 
  • Golden SAML was used post-breach in the 2020 SolarWinds cyberattack to move laterally within the company's network.
  • Threat group Nobelium, aka Midnight Blizzard/Cozy Bear, deployed malicious code into SolarWinds' Orion IT management software, infecting thousands of organizations, including the U.S. Government.
  • To safeguard effectively against Silver SAML attacks in Entra ID, organizations should use only Entra ID self-signed certificates for SAML signing purposes.
  • Semperis researchers rate the Silver SAML vulnerability as a MODERATE risk to organizations.

Fortress Information Security Deploys Automated Patch Notification and Authenticity tool to help secure Critical Assets from Hostile Nation-States

Retrieved on: 
Friday, February 23, 2024

ORLANDO, Fla., Feb. 23, 2024 /PRNewswire/ -- The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have clearly warned that U.S. critical infrastructure is under attack. The three federal agencies outlined how "Volt Typhoon," a group of threat actors working under the direction of the Chinese Communist Party (CCP), poses a serious challenge to operators of transportation, commerce, clean water, and electricity services.

Key Points: 
  • Volt Typhoon exploits online assets that have not been updated with the latest vulnerability patches.
  • Fortress Information Security is working with America's leading power companies to limit exposure from abroad by ensuring notification of security updates as soon as they are available.
  • "If one of America's adversaries has used software to open a backdoor and get into a network, FIA will help security pros close the door."
  • "Fortress research has shown that much of the software used by energy companies is NOT secure by design," said Santos.

Frazier & Deeter Announces New Leadership in Four Key Markets

Retrieved on: 
Tuesday, February 20, 2024

ATLANTA, Feb. 20, 2024 /PRNewswire-PRWeb/ -- Frazier & Deeter (FD), a Top 50 accounting and advisory firm, is pleased to announce new appointments to its leadership team, reflecting the firm's dedication to fostering talent, driving growth and delivering exceptional service across various markets.

Key Points: 
  • Jerry Johnson, CPA, Partner in the firm's Assurance Practice, has been appointed the new Tampa Office Managing Partner.
  • His expertise and leadership experience position him to drive strategic initiatives and enhance client relationships in the Nashville market.
  • "These leadership appointments reflect our ongoing commitment to excellence, innovation and client-centricity," said Seth McDaniel, Managing Partner of Frazier & Deeter.

Fortress Information Security Deploys Automated Patch Notification and Authenticity tool to help secure Critical Assets from Hostile Nation-States

Retrieved on: 
Tuesday, February 20, 2024

ORLANDO, Fla., Feb. 20, 2024 /PRNewswire/ -- The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have clearly warned that U.S. critical infrastructure is under attack. The three federal agencies outlined how "Volt Typhoon," a group of threat actors working under the direction of the Chinese Communist Party (CCP), poses a serious challenge to operators of transportation, commerce, clean water, and electricity services.

Key Points: 
  • Volt Typhoon exploits online assets that have not been updated with the latest vulnerability patches.
  • Fortress Information Security is working with America's leading power companies to limit exposure from abroad by ensuring notification of security updates as soon as they are available.
  • "If one of America's adversaries has used software to open a backdoor and get into a network, FIA will help security pros close the door."
  • "Fortress research has shown that much of the software used by energy companies is NOT secure by design," said Santos.

Cybellum Adds Major New Features to its Product Security Platform in Support of its Cybersecurity Management System (CSMS)

Retrieved on: 
Thursday, February 15, 2024

TEL AVIV, Israel, Feb. 15, 2024 /PRNewswire/ -- Cybellum, creators of the award-winning Product Security Platform, announced the latest major release, V2.38 of their Product Security Platform. Following the joint announcement with LG Electronics at CES 2024, this release introduces the CSMS Cockpit, enabling automotive OEMs and device manufacturers to significantly improve their cybersecurity management capabilities with a comprehensive view of product risk, security activities, and requirement validation status.

Key Points: 
  • New capabilities supercharge SBOM and vulnerability management with new AI functionality, risk, and asset management capabilities for streamlined regulatory compliance
  • The new release offers advanced asset management capabilities, including SBOM Auto-Fix, which provides automatic error detection and correction when uploading CycloneDX or SPDX SBOM files.
  • It also includes custom package management for including custom, in-house developed packages, and commercially sourced ones.
  • "The latest update to Cybellum's Product Security Platform doesn't just enhance features, it empowers a paradigm shift in how organizations manage product security," says Asaf Atzmon, Chief Product Officer at Cybellum.