Tag

Cisa

All articles tagged with #cisa

CISA Tightens Patch Timelines for Federal Agencies, Pushing Critical Flaws to Three‑Day Fixes
technology29 days ago

CISA Tightens Patch Timelines for Federal Agencies, Pushing Critical Flaws to Three‑Day Fixes

The Cybersecurity and Infrastructure Security Agency issued Binding Operational Directive 26-04, requiring U.S. Federal Civilian Executive Branch agencies to remediate high‑risk vulnerabilities with accelerated timelines—down to three days for publicly exposed, known‑exploited flaws and up to two weeks for less urgent cases. The directive supersedes older BODs and mandates updates to vulnerability management policies, asset inventories, and automated KEV/CVE reporting, with full adherence within 180 days and policy changes within 60 days. It covers on‑premises, third‑party hosted, and cloud environments while excluding certain military, intelligence, and contractor systems, signaling a broader industry patch‑priority shift.

technology1 month ago

Risk-Based Patch Strategy Drives Federal Cyber Hygiene Under BOD 26-04

CISA's Binding Operational Directive 26-04 requires federal civilian agencies to prioritize vulnerability remediation based on risk, using the Known Exploited Vulnerabilities (KEV) Catalog and SSVC data while considering asset exposure, exploit automation, and technical impact. It establishes a three-phase rollout—immediate policy updates and automation (Phase I), process updates within 60 days (Phase II), and vulnerability remediation within 180 days (Phase III)—with automated reporting via the Continuous Diagnostics and Monitoring program and ongoing Cyber Hygiene practices. The directive supersedes BOD 19-02 and 22-01, aligns with OMB Circular A-130 and FISMA, and aims to harden federal networks against sophisticated cyber threats by focusing on high-risk vulnerabilities and maintaining asset tagging and exposure data.

CISA sidelined as White House coordinates AI-era cyber response
technology1 month ago

CISA sidelined as White House coordinates AI-era cyber response

CISA is shrinking and largely sidelined as the White House forges a multi-agency AI cyber response, raising concerns about protection of critical infrastructure amid fears that AI-enabled attackers could exploit gaps. The agency has faced staffing and budget cuts, leaving leadership and bench strength diminished, even as plans surface for a staffing surge and a coordinated vulnerability-management role in the broader effort.

technology1 month ago

Congress Demands Answers as CISA Struggles to Contain Contractor-Linked Data Leak

Lawmakers from both parties pressed CISA for answers after KrebsOnSecurity reported a contractor publicly posted plaintext credentials and AWS GovCloud keys to a GitHub account, triggering ongoing credential rotation and breach containment. Experts warn that exposed keys could enable access to code, CI/CD pipelines, and sensitive systems. CISA says it is rotating leaked credentials and coordinating with vendors, while lawmakers demand answers about internal policies amid leadership turnover and broader concerns about the agency’s security culture.

Microsoft patches Defender zero-days actively exploited in the wild
technology1 month ago

Microsoft patches Defender zero-days actively exploited in the wild

Microsoft released patches for two Defender zero-days—CVE-2026-41091 (privilege escalation in Malware Protection Engine) and CVE-2026-45498 (DoS in Antimalware Platform)—to stop active exploits. The updates install automatically by default, but admins should verify the Malware Protection Engine and Antimalware Platform versions are current. CISA added these flaws to its Known Exploited Vulnerabilities catalog and ordered federal agencies to patch by June 3 under BOD 22-01. The piece also notes mitigations for a Windows BitLocker flaw nicknamed YellowKey.

Senate seeks classified briefing over CISA credential exposure
technology1 month ago

Senate seeks classified briefing over CISA credential exposure

Sen. Maggie Hassan has asked for an urgent classified briefing from acting CISA director Nick Andersen after reports that an exposed private contractor GitHub repository contained internal CISA and DHS credentials, logs and keys. Hassan seeks details on how the exposure happened, what was exposed, which contractor was responsible, and what steps are being taken to mitigate, with the briefing requested before June 5. CISA says there’s no indication sensitive data was compromised and is implementing additional safeguards.

Public GitHub repo exposed CISA secrets, enabling high-privilege access
security1 month ago

Public GitHub repo exposed CISA secrets, enabling high-privilege access

Security researchers revealed that a public GitHub repo named Private-CISA exposed plaintext passwords, SSH private keys, tokens, and other sensitive CISA assets since at least November 2025, potentially enabling high-privilege access to AWS GovCloud; the repo is now offline and reportedly managed by Nightwing, a CISA contractor, which has not publicly commented, following earlier CISA missteps including a director uploading sensitive docs to ChatGPT.

CISA urges critical infrastructure to prep for cyber outages with isolation and recovery plans
technology2 months ago

CISA urges critical infrastructure to prep for cyber outages with isolation and recovery plans

CISA unveiled the CI Fortify guidance urging water utilities, transportation and other critical infrastructure sectors to plan for geopolitical cyber outages by building isolation measures to protect OT and preparing recovery procedures, including system backups and manual operation, with targeted assessments and a renewed hiring push.

technology2 months ago

CISA Maps ICS Stakeholder Roles to Strengthen Isolation and Recovery Readiness

CISA's CI Fortify guidance explains how Industrial Automation Control System vendors, service providers, security vendors, and volunteers should proactively identify blockers to isolation and recovery, prepare for telecom outage failure states, support backups and recovery documentation, and establish crisis communication paths with CISA (including contact details) to improve resilience during crises.

Linux Copy Fail flaw exploited to gain root across major distros, CISA warns
security2 months ago

Linux Copy Fail flaw exploited to gain root across major distros, CISA warns

CISA warns that the Copy Fail vulnerability (CVE-2026-31431) in the Linux kernel’s algif_aead interface is being exploited to obtain root privileges on unpatched systems, with a PoC shown for Ubuntu 24.04 LTS, Amazon Linux 2023, RHEL 10.1, and SUSE 16. Patches are rolling out across major distros; CISA added the flaw to the Known Exploited Vulnerabilities catalog and urges prompt patching per vendor guidance under BOD 22-01, following earlier patches like Pack2TheRoot.

CISA orders patch for Windows zero-click flaw tied to NTLM hash leaks
technology2 months ago

CISA orders patch for Windows zero-click flaw tied to NTLM hash leaks

CISA has added CVE-2026-32202 to the Known Exploited Vulnerabilities list and ordered U.S. federal agencies to patch Windows endpoints and servers by May 12 under Binding Operational Directive (BOD) 22-01. The flaw is described as a zero-click NTLM hash-leak vulnerability that can be exploited in pass-the-hash attacks and may stem from an incomplete fix for CVE-2026-21510, which APT28-linked actors used in attacks against Ukraine and EU targets. Microsoft also flagged the vulnerability as exploited in the wild, and security teams are urged to apply vendor mitigations or discontinue the product if mitigations aren’t available. The alert comes as three other Windows flaws (BlueHammer, RedSun, UnDefend) are also being actively exploited to gain SYSTEM or higher privileges.

Firestarter Backdoor Survives Cisco Patch Cycles on Firepower Gear
security2 months ago

Firestarter Backdoor Survives Cisco Patch Cycles on Firepower Gear

U.S. CISA and U.K. NCSC warn that Firestarter malware persists on Cisco Firepower/ASA/FTD devices after patches, maintaining persistence by hooking into the LINA process and re‑launching after reboots or firmware updates; attackers used Line Viper to gain initial access before deploying Firestarter. Cisco provides mitigations and recommends reimaging, with cold restart as a last resort (risking disk damage); CISA has released YARA rules to aid detection.

CISA Mandates Patch for BlueHammer Windows Flaw in Two Weeks
security2 months ago

CISA Mandates Patch for BlueHammer Windows Flaw in Two Weeks

CISA has ordered U.S. federal agencies to patch CVE-2026-33825, a Microsoft Defender privilege-escalation flaw nicknamed BlueHammer that was exploited as a zero-day before Microsoft released a fix on April 14. Agencies have two weeks (until May 7) to secure Windows systems, with CISA warning of ongoing exploitation and advising mitigations or product discontinuation if fixes aren’t available. The report also notes related flaws (RedSun, UnDefend) disclosed by Chaotic Eclipse and evidence of active intrusion including hands-on-keyboard activity and suspicious FortiGate VPN activity tied to Russia. CISA added the flaw to the Known Exploited Vulnerabilities catalog and highlighted broader risks from similar Windows zero-days.

Anthropic Mythos expands to agencies, but CISA remains excluded
technology2 months ago

Anthropic Mythos expands to agencies, but CISA remains excluded

Anthropic's Mythos Preview is being piloted by several U.S. federal agencies for finding and patching security vulnerabilities, with the Commerce Department and NSA reportedly testing it and discussions for broader access by the administration; however CISA reportedly did not gain access, highlighting questions about prioritizing the central cybersecurity agency amid budget and staffing constraints.