Tag: CISA

All articles tagged with #cisa

technology · 21 days ago

CISA Warns on Intune Risks After Stryker Breach, Calls for Tighter Controls

After Stryker’s March 11 breach targeting its Microsoft environment, CISA issued an urgent advisory urging organizations to harden endpoint-management configurations and adopt Microsoft’s new Intune security best practices. The alert notes attackers abusing legitimate endpoint-management tools to gain privileged access and move laterally. Key mitigations include implementing least-privilege RBAC, phishing-resistant MFA with Entra ID and Conditional Access, reviewing Privileged Identity Management for just-in-time access, enabling Multi-Admin Approval for sensitive operations, and aligning with Zero Trust principles across Intune and connected Microsoft services.

policy · 1 month ago

Chaos at the Cyber Shield: Noem’s CISA czar reassigned after months of turmoil

Nine months into his tenure as acting director of CISA, Madhu Gottumukkala faced constant staff backlash, clashes with Trump-era appointees, and aggressive contracting moves—including not renewing a roughly $30 million license—along with a reportedly failed counterintelligence polygraph that DHS later labeled unsanctioned. Facing mounting scrutiny and political pressure, DHS Secretary Kristi Noem initially resisted removal, then reassigned Gottumukkala on Thursday, with Nick Anderson stepping in as interim, as lawmakers prepare for Senate testimony and demand accountability for CISA’s leadership and mission readiness.

technology · 1 month ago

CISA orders rapid patch for Cisco SD-WAN flaws across federal networks

CISA issued an emergency directive requiring federal agencies to inventory Cisco SD-WAN systems (Catalyst SD-WAN Controller and Manager), apply updates, and check for compromises, citing a flaw that could let an unauthenticated attacker gain admin access. Agencies must patch by Feb. 27 (5 p.m.), document affected systems by Feb. 26, store logs externally, and perform forensic checks, with additional duties by March 5 (inventory/hunt) and March 12 (hardening report). The move underscores a broader push to secure edge devices as attackers increasingly target network boundaries.

security · 1 month ago

CISA Warns of Active Cisco SD-WAN Exploitation, Orders Immediate Remediation Across Agencies

CISA and international partners issued an alert about ongoing exploitation of Cisco SD-WAN vulnerabilities (CVE-2026-20127 and CVE-2022-20775), adding the first to the KEV catalog, and mandated federal agencies under Emergency Directive 26-03 to inventory, patch, collect artifacts, and hunt for evidence of compromise, while Cisco and partner agencies publish hardening and threat-hunting guidance.

security · 1 month ago

Auth bypass in Honeywell CCTV risks unauthorized feeds and account takeover

CISA warns of a critical vulnerability (CVE-2026-1670) in multiple Honeywell CCTV models that allows an unauthenticated attacker to change the recovery email on a device account, enabling account takeover and unauthorized access to camera feeds. As of Feb 17 there were no known public exploits. Mitigations include limiting network exposure, isolating devices behind firewalls, and using secure VPN remote access. Honeywell has not issued a public advisory, and users should contact support for patch guidance.

security · 1 month ago

CISA Flags Four Actively Exploited Flaws in KEV Update and Urges Patch

CISA added four flaws to the Known Exploited Vulnerabilities catalog due to active exploitation: CVE-2026-2441 (Chrome use-after-free), CVE-2024-7694 (TeamT5 ThreatSonar Anti-Ransomware arbitrary file upload leading to command execution), CVE-2020-7796 (Zimbra Collaboration Server SSRF), and CVE-2008-0015 (Windows Video ActiveX buffer overflow). Google confirms an in-the-wild exploit for CVE-2026-2441; GreyNoise documents about 400 IPs exploiting CVE-2020-7796 across several countries; the CVE-2008-0015 exploit can download additional malware like Dogkild and alter system files/hosts. The TeamT5 exploitation vector remains unclear. Federal agencies are urged to patch by March 10, 2026.

security · 1 month ago

CISA orders urgent patch for actively exploited SCCM flaw

CISA directed federal agencies to patch CVE-2024-43468, a SQL injection flaw in Microsoft Configuration Manager (SCCM) that is now being actively exploited in attacks. Microsoft patched the vulnerability in October 2024, but exploitation was later demonstrated in PoC code, and CISA warns that unpatched systems pose significant risk. Agencies must apply mitigations by March 5 under BOD 22-01, and CISA recommends that organizations outside the federal government follow vendor guidance to secure affected systems as soon as possible.

security · 2 months ago

CISA Orders Federal Agencies to Replace End-of-Life Edge Networking Gear

CISA's Binding Operational Directive 26-02 requires Federal Civilian Executive Branch agencies to identify and decommission end-of-life edge devices (routers, firewalls, switches) that no longer receive updates. Agencies must inventory EOS devices within 3 months, decommission EOS gear within 12 months, and replace identified devices within 18 months with vendor-supported equipment, with continuous discovery inventories to be in place within 24 months. The mandate aims to reduce exposure to exploits targeting outdated edge devices; it applies to FCEB agencies, with encouragement for others to follow.

politics · 2 months ago

GOP widens DHS critique beyond Minneapolis

Republicans are broadening their critique of Homeland Security Secretary Kristi Noem beyond the Minneapolis immigration fallout, highlighting perceived missteps at FEMA and the agency’s cyber unit (CISA), concerns about transparency with Congress, and internal leadership tensions, even as Trump expresses support for Noem and GOP lawmakers weigh how DHS should be run.

politics · 2 months ago

Ex-CISA chief blasts DHS leadership void amid agency struggles

Bridget Bean, the former acting director of the Cybersecurity and Infrastructure Security Agency, tells Politico that without Senate-confirmed leaders DHS agencies are not functioning effectively, describing the leadership gap as a ‘hot mess.’ She points to about 25 top DHS roles that are vacant or filled by acting officials, budget and personnel cuts at CISA, and a stalled nomination process for Sean Plankey, which undermines a unified, long-term strategy for homeland security and cybersecurity.

politics · 2 months ago

Interim CISA Chief’s ChatGPT Upload Triggers Internal Security Review

Madhu Gottumukkala, the interim head of the Cybersecurity and Infrastructure Security Agency, uploaded contracting documents marked 'for official use only' to a public version of ChatGPT last summer, triggering DHS security alerts. The files were not classified, but DHS opened an internal review to assess potential harm and the handling of official-use information, highlighting AI-use risks within the agency.

technology · 2 months ago

CISA Tightens Patch Deadline for Actively Exploited VMware vCenter RCE

CISA warns that the VMware vCenter Server remote-code-execution flaw CVE-2024-37079 is being actively exploited in the wild and orders U.S. federal agencies to patch within three weeks, citing a DCERPC heap overflow that enables easy remote control with no user interaction. Broadcom notes there are no mitigations and advises patching immediately to the latest vCenter Server and Cloud Foundation releases.