CISA: FEMA Chemical, Biological, Radiological, and Nuclear (CBRN) Response and Recovery Efforts

System About Files News Vote Help | Services API Advertise Contact | Account Join Login ---|---|---...

CISA: Federal Emergency Management Agency (FEMA) Response: Hurricanes, Wildfires, Floods, and Pandemics

System About Files News Vote Help | Services API Advertise Contact | Account Join Login ---|---|---...

Scammers Hit Florida Hurricane Victims with Fake FEMA Claims, Malware Files

Cybercriminals exploit disaster relief efforts to target vulnerable individuals and organizations in Florida, compromising the integrity of relief…...

FEMA and CISA Release Joint Guidance on Planning Considerations for Cyber Incidents

Today, the Federal Emergency Management Agency FEMA and the Cybersecurity and Infrastructure Security Agency CISA released the joint guide Planning Considerations for Cyber Incidents: Guidance for Emergency Managers to provide state, local, tribal, and territorial SLTT emergency managers with...

portal.fema.com.br Cross Site Scripting vulnerability OBB-3765685

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

apps.usfa.fema.gov Cross Site Scripting vulnerability OBB-3227486

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

fema.es Cross Site Scripting vulnerability OBB-2880865

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Emergency Alert System Flaws Could Let Attackers Transmit Fake Messages

The U.S. Department of Homeland Security DHS has warned of critical security vulnerabilities in Emergency Alert System EAS encoder/decoder devices. If left unpatched, the issues could allow an adversary to issue fraudulent emergency alerts over TV, radio, and cable networks. The August 1 advisory...

Cybersecurity in the Infrastructure Bill

On August 10, 2021, the U.S. Senate passed the Infrastructure Investment and Jobs Act of 2021 H.R.3684. The bill comes in at 2,700+ pages, provides for $1.2T in spending, and includes several cybersecurity items. We expect this legislation to become law around late September and do not expect...

portal.fema.gov IFRAME Injection vulnerability OBB-1290537

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

portal.fema.gov Cross Site Scripting vulnerability OBB-1224558

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

IT guy from FEMA hacked medical center, sold data on dark web

By Waqas According to prosecutors, the 29-year old Johnson sold it on the dark web. This is a post from HackRead.com Read the original post: IT guy from FEMA hacked medical center, sold data on dark web...

FEMA IT Specialist Charged in ID Theft, Tax Refund Fraud Conspiracy

An information technology specialist at the Federal Emergency Management Agency FEMA was arrested this week on suspicion of hacking into the human resource databases of University of Pittsburgh Medical Center UPMC in 2014, stealing personal data on more than 65,000 UPMC employees, and selling the...

Cyber Security Week in Review (March 28)

Welcome to this week's Cyber Security Week in Review, where Cisco Talos runs down all of the news we think you need to know in the security world. Top headlines this week ASUS had to release an emergency fix for a malware that may have accidentally deployed to their machines. Attackers may have...

FEMA Exposes PII for Millions of Hurricane, Wildfire Survivors

The Federal Emergency Management Agency exposed the personal identifiable information of 2.3 million survivors of hurricanes Harvey, Irma and Maria and the California wildfires in 2017, by oversharing survivor data with a contractor when it wasn’t necessary. Worse, the contractor’s networks has...

FEMA leaks sensitive details of 2.3 million disaster survivors

By Carolina The Department of Homeland Security’s Office of the Inspector General has released a report revealing that FEMA Federal Emergency Management Agency couldn’t protect the private and confidential information of about 2.3 million hurricane survivors. In 2017, residents of Harvey, Maria,...

FEMA Leaked Data From 2.3 Million Disaster Survivors

The Homeland Security Department inspector general released a damning report about FEMA's inability to safeguard the personal info of the people it helped...

citizencorps.fema.gov XSS vulnerability

Open Bug Bounty ID: OBB-385620 Description| Value ---|--- Affected Website:| citizencorps.fema.gov Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention...

emilms.fema.gov XSS vulnerability

Vulnerable URL: https://emilms.fema.gov/IS33.16//player.swf?tracecall=alert/OPENBUGBOUNTY/ Details: Description| Value ---|--- Patched:| Yes, at 05.05.2017 Latest check for patch:| 05.05.2017 01:47 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not...

GAO Shipping Port Cybersecurity Report

The U.S. Department of Homeland Security, Coast Guard and Federal Emergency Management Agency FEMA have been taken to the woodshed in a General Accounting Office GAO report on maritime cybersecurity. The GAO said the response to mandates to improve computer security efforts to protect the network...