DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
On April 8, the Office of the Comptroller of the Currency (OCC) officially notified Congress of a significant information security incident involving its email system. This notification, mandated by the Federal Information...more
On March 28, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released a Malware Analysis Report (MAR) on RESURGE malware, which is associated with the product Ivanti Connect Secure....more
On July 17, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) issued an Alert adding three vulnerabilities to its Known Vulnerabilities Catalog. ...more
CYBERSECURITY- Mozilla Releases Security Updates for Thunderbird and Firefox - Mozilla recently released security updates to address known vulnerabilities in their Thunderbird and Firefox products. The Cybersecurity &...more
The Cybersecurity & Infrastructure Security Agency, FBI, and MS-ISAC recently released an urgent Joint Advisory on the Atlassian Confluence Vulnerability CVE-2023-22515. According to the Alert, “this critical vulnerability...more
CYBERSECURITY - CISA Launches Cybersecurity - Public Awareness Campaign To kick off the twentieth annual Cybersecurity Awareness Month, the Cybersecurity and Infrastructure Security Agency (CISA) has announced that CISA and...more
The Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a Joint Cybersecurity Advisory on October 11, 2023, urging companies (particularly those in the critical...more
The FBI and CISA issued a Joint Cybersecurity Advisory “#StopRansomware: Snatch Ransomware” on September 20, 2023. The Advisory outlines the indicators of compromise and observed tactics, techniques, and procedures of Snatch...more
The Cybersecurity and Infrastructure Security Agency (CISA) recently issued “timely information about current security issues, vulnerabilities, and exploits surrounding” Industrial Control Systems (ICS)....more
In its continued effort to keep industry apprised of threats facing companies in the U.S., CISA recently issued a Cybersecurity Advisory: 2022 Top Routinely Exploited Vulnerabilities that is helpful to get up to speed on top...more
CISA and FBI have issued a joint advisory on the MOVEit transfer vulnerability that should be on the radar of CISOs and IT professionals. The CLOP ransomware organization has been reportedly exploiting an SQL injection...more
On May 16, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) released three advisories applicable to Industrial Control Systems (ICS). The Alerts cover vulnerabilities of Snap One OvrC Cloud, Rockwell...more
Cybersecurity research agencies around the world are warning organizations using VMware ESXi servers to patch an almost two (2) year old vulnerability to prevent being compromised by threat actors in the "ESXiArgs" ransomware...more
CYBERSECURITY FBI, CISA + MS-ISAC Warn of LockBit 3.0 Ransomware The FBI, CISA and the Multi-State Information Sharing and Analysis Center (MSISAC) recently released a joint cybersecurity advisory, warning organizations about...more
The FBI, CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC) recently released a joint cybersecurity advisory, warning organizations about indicators of compromise, and tactics, techniques, and...more
The Cybersecurity & Infrastructure Security Agency (CISA) recently issued an Alert outlining the top Common Vulnerabilities and Exposures (CVEs) that have been used by the People’s Republic of China (PRC) state-sponsored...more
CYBERSECURITY - CISA Recommends Following Microsoft’s Mitigation for Zero Day Exploits - Microsoft recently issued mitigation steps for vulnerabilities that are being actively exploited by threat actors. Microsoft...more
Microsoft recently issued mitigation steps for vulnerabilities that are being actively exploited by threat actors. Microsoft stated that it is aware that two vulnerabilities are being actively exploited to access users’...more
CYBERSECURITY - CISA + MS-ISAC Alert: Threat Actors Exploiting Zimbra Collaboration Suite - On August 16, 2022, CISA (the Cybersecurity and Infrastructure Security Agency) and the Multi-State Information Sharing & Analysis...more
On June 21, 2022, legislation, The American Data Privacy and Protection Act (“ADPPA”), was introduced. The bipartisan measure is currently scheduled for markup by the House Energy and Commerce Committee on June 23, 2022. ...more
CYBERSECURITY - Verizon’s 2022 Data Breach Investigations Report: A Must Read - I love Verizon’s annual Data Breach Investigations Report (DBIR). I have pored over its content every year since its inception in 2008. (Just...more
The Cybersecurity & Infrastructure Security Agency (CISA) added 21 new vulnerabilities to its Known Exploited Vulnerabilities Catalog on May 23, 2022, due to active exploitation by cyber criminals. The vulnerabilities are a...more
As we have pointed out before, it is cumbersome yet critical, to patch vulnerabilities on a timely basis. Cyber-attackers move swiftly to take advantage of known vulnerabilities and are aware of the challenges organizations...more
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued a joint advisory this week alerting organizations of destructive malware that is being used to target organizations in Ukraine, with the ongoing...more
This week the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Agency (CISA) issued a “SHIELDS UP” advisory. While it does not identify specific threats in the advisory, CISA states that the “Russian...more