8 matches found
CISA: Disconnect vulnerable Ivanti products TODAY
In an emergency directive, the Cybersecurity and Infrastructure Security Agency (CISA) has ordered all federal agencies to disconnect all instances of Ivanti Connect Secure and Policy Secure solution products from agency networks no later than 11:59PM on Friday February 2, 2024. Besides the Ivanti...
BOD 23-01: Improving asset visibility and vulnerability detection on federal networks
On October 3, 2022, the Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive 23-01 (BOD 23-10). This directive requires all Federal Civilian Executive Branch (FCEB) entities to maintain an inventory of all IPv4- and IPv6-networked assets, perform regular, periodi...
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any...
Why Everyone Needs to Take the Latest CISA Directive Seriously
Government agencies publish notices and directives all the time. Usually, these are only relevant to government departments, which means that nobody else really pays attention. It's easy to see why you would assume that a directive from CISA just doesn't relate to your organization. But, in the...
Microsoft Nov. Patch Tuesday Fixes Six Zero-Days, 55 Bugs
Microsoft reported a total of 55 vulnerabilities, six of which are rated critical, with the remaining 49 being rated important. The flaws are found in Microsoft Windows and Windows Components, Azure, Azure RTOS, Azure Sphere, Microsoft Dynamics, Microsoft Edge (Chromium-based), Exchange Server,...
Critical Patch Out for Critical Pulse Secure VPN 0-Day Under Attack
Ivanti, the company behind Pulse Secure VPN appliances, has released a security patch to remediate a critical security vulnerability that was found being actively exploited in the wild by at least two different threat actors. Tracked as CVE-2021-22893 (CVSS score 10), the flaw concerns "multiple us...
More on the SolarWinds Breach
The New York Times has more details. About 18,000 private and government users downloaded a Russian tainted software update - a Trojan horse of sorts - that gave its hackers a foothold into victims' systems, according to SolarWinds, the company whose software was compromised. Among those who use...
Grindr's Bug Bounty Pledge Doesn't Translate to Security
SAS@Home 2020 – After a Grindr security flaw was disclosed this week, the dating site promised it would launch a bug-bounty program in an effort to “keep its service secure.” But Katie Moussouris, CEO of Luta Security and a bug bounty program expert, warned at this week’s SAS@home virtual event th...