Tag CISA

CISA Alerts on Ongoing Exploitation of Linux Kernel Privilege Escalation Flaw Jun 18, 2025 Linux / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified a security vulnerability affecting the Linux kernel, adding it to its Known Exploited Vulnerabilities (KEV) catalog due to its active exploitation in the wild. This vulnerability, designated CVE-2023-0386 (CVSS score: 7.8), involves improper ownership management that could allow attackers to escalate privileges on vulnerable systems. A patch was released in early 2023. CISA explained that the flaw arises from unauthorized access to the execution of setuid files with capabilities within the Linux kernel’s OverlayFS subsystem, specifically when users copy capable files from a nosuid mount to another mount. This UID mapping issue enables local users to elevate their privileges on the system. The specific methods of exploitation in current scenarios remain unclear. A report from Datadog in May 2023 highlighted this vulnerability…

CISA Alerts About Ongoing Exploitation of Linux Kernel Privilege Escalation Flaw On June 18, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning regarding a significant security vulnerability affecting the Linux kernel, now listed in its Known Exploited Vulnerabilities (KEV) catalog. This flaw, identified as CVE-2023-0386, boasts…

Read MoreCISA Alerts on Ongoing Exploitation of Linux Kernel Privilege Escalation Flaw Jun 18, 2025 Linux / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified a security vulnerability affecting the Linux kernel, adding it to its Known Exploited Vulnerabilities (KEV) catalog due to its active exploitation in the wild. This vulnerability, designated CVE-2023-0386 (CVSS score: 7.8), involves improper ownership management that could allow attackers to escalate privileges on vulnerable systems. A patch was released in early 2023. CISA explained that the flaw arises from unauthorized access to the execution of setuid files with capabilities within the Linux kernel’s OverlayFS subsystem, specifically when users copy capable files from a nosuid mount to another mount. This UID mapping issue enables local users to elevate their privileges on the system. The specific methods of exploitation in current scenarios remain unclear. A report from Datadog in May 2023 highlighted this vulnerability…

Rethinking Manufacturing Security: The Case Against Default Passwords

Date: July 7, 2025
Categories: IoT Security / Cyber Resilience

The recent breach by Iranian hackers at U.S. water facilities serves as a stark reminder of the vulnerabilities lurking within our systems. Though they only accessed a single pressure station serving 7,000 residents, their method was alarmingly simple: they exploited the factory-set password “1111.” This incident highlights a pressing issue that the Cybersecurity and Infrastructure Security Agency (CISA) has been vocal about— the urgent need for manufacturers to eliminate default credentials, which have consistently proven to be a major security flaw.

As we await improved security protocols from manufacturers, the onus is on IT teams to take action. Whether overseeing critical infrastructure or standard business networks, allowing unchanged default passwords creates an open invitation for cyber attackers. This article explores why default passwords remain widespread, the business and technical implications they carry, and the steps manufacturers must take to enhance security measures.

Manufacturing Security: The Necessity of Eliminating Default Passwords On July 7, 2025, the cybersecurity landscape faced renewed scrutiny following a breach at U.S. water facilities orchestrated by Iranian hackers. While the attack resulted in the hackers gaining control over a single pressure station servicing approximately 7,000 individuals, it highlighted a…

Read More

Rethinking Manufacturing Security: The Case Against Default Passwords

Date: July 7, 2025
Categories: IoT Security / Cyber Resilience

The recent breach by Iranian hackers at U.S. water facilities serves as a stark reminder of the vulnerabilities lurking within our systems. Though they only accessed a single pressure station serving 7,000 residents, their method was alarmingly simple: they exploited the factory-set password “1111.” This incident highlights a pressing issue that the Cybersecurity and Infrastructure Security Agency (CISA) has been vocal about— the urgent need for manufacturers to eliminate default credentials, which have consistently proven to be a major security flaw.

As we await improved security protocols from manufacturers, the onus is on IT teams to take action. Whether overseeing critical infrastructure or standard business networks, allowing unchanged default passwords creates an open invitation for cyber attackers. This article explores why default passwords remain widespread, the business and technical implications they carry, and the steps manufacturers must take to enhance security measures.

CISA Adds Four High-Risk Vulnerabilities to KEV Catalog Amid Ongoing Exploitation

July 8, 2025
Cyber Attacks / Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included four critical vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation. The identified vulnerabilities are as follows:

  • CVE-2014-3931 (CVSS score: 9.8): A buffer overflow flaw in Multi-Router Looking Glass (MRLG) allowing remote attackers to perform arbitrary memory writes and cause memory corruption.
  • CVE-2016-10033 (CVSS score: 9.8): A command injection vulnerability in PHPMailer enabling attackers to execute arbitrary code within the application or trigger a denial-of-service (DoS) condition.
  • CVE-2019-5418 (CVSS score: 7.5): A path traversal vulnerability in Ruby on Rails’ Action View that may expose the contents of arbitrary files on the target system’s filesystem.
  • CVE-2019-9621 (CVSS score: 7.5): A Server-Side Request Forgery (SSRF) vulnerability in the Zimbra Collaboration Suite that could…

CISA Expands KEV Catalog with Four Newly Identified Vulnerabilities Amid Active Exploitation On July 8, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the addition of four critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. This update comes in response to new evidence indicating that these vulnerabilities…

Read More

CISA Adds Four High-Risk Vulnerabilities to KEV Catalog Amid Ongoing Exploitation

July 8, 2025
Cyber Attacks / Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included four critical vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation. The identified vulnerabilities are as follows:

  • CVE-2014-3931 (CVSS score: 9.8): A buffer overflow flaw in Multi-Router Looking Glass (MRLG) allowing remote attackers to perform arbitrary memory writes and cause memory corruption.
  • CVE-2016-10033 (CVSS score: 9.8): A command injection vulnerability in PHPMailer enabling attackers to execute arbitrary code within the application or trigger a denial-of-service (DoS) condition.
  • CVE-2019-5418 (CVSS score: 7.5): A path traversal vulnerability in Ruby on Rails’ Action View that may expose the contents of arbitrary files on the target system’s filesystem.
  • CVE-2019-9621 (CVSS score: 7.5): A Server-Side Request Forgery (SSRF) vulnerability in the Zimbra Collaboration Suite that could…

Microsoft Issues Warning About Vulnerability in Hybrid Exchange Deployments

Governance & Risk Management, Legacy Infrastructure Security CISA Issues Emergency Directive Mandating Federal Agencies Address Vulnerability Akshaya Asokan (asokan_akshaya), David Perera (@daveperera) • August 7, 2025 Image: Microsoft/Shutterstock/ISMG The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive urging federal agencies to address a critical vulnerability affecting Microsoft…

Read MoreMicrosoft Issues Warning About Vulnerability in Hybrid Exchange Deployments

CISA Reveals Final $100M Cybersecurity Grants Amid Rising State Challenges

Cybersecurity Spending, Government, Industry Specific $100M in State Cyber Grants Signals Reduced Federal Support Amid Increasing Demand Chris Riotta (@chrisriotta) • August 5, 2025 The Cybersecurity and Infrastructure Security Agency (CISA) has revealed a $100 million grant initiative designed to boost cybersecurity frameworks at the state and local levels. This…

Read MoreCISA Reveals Final $100M Cybersecurity Grants Amid Rising State Challenges

CISA: No Broader Federal Impact from Treasury Cyber Incident; Investigation Continues

Jan 07, 2025
Critical Infrastructure / Cyber Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced on Monday that there are no signs indicating the recent cyber attack on the Treasury Department has affected other federal agencies. CISA is collaborating closely with the Treasury Department and BeyondTrust to fully understand the breach and reduce its effects. CISA emphasized, “The security of federal systems and the data they safeguard is crucial to our national security. We are taking proactive measures to prevent any further repercussions and will provide updates as needed.” This statement follows the Treasury Department’s disclosure of being targeted in a “major cybersecurity incident” involving Chinese state-sponsored actors, which enabled remote access to certain computers and unclassified documents. The incident, revealed in early December 2024, stemmed from a breach in BeyondTrust’s systems, allowing adversaries to gain sensitive access.

CISA Reports No Broader Federal Impact from Treasury Cyber Attack; Investigation Continues On January 7, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) announced that the recent cyber breach affecting the Treasury Department does not appear to have compromised other federal agencies. This development follows a major cybersecurity incident, described…

Read More

CISA: No Broader Federal Impact from Treasury Cyber Incident; Investigation Continues

Jan 07, 2025
Critical Infrastructure / Cyber Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced on Monday that there are no signs indicating the recent cyber attack on the Treasury Department has affected other federal agencies. CISA is collaborating closely with the Treasury Department and BeyondTrust to fully understand the breach and reduce its effects. CISA emphasized, “The security of federal systems and the data they safeguard is crucial to our national security. We are taking proactive measures to prevent any further repercussions and will provide updates as needed.” This statement follows the Treasury Department’s disclosure of being targeted in a “major cybersecurity incident” involving Chinese state-sponsored actors, which enabled remote access to certain computers and unclassified documents. The incident, revealed in early December 2024, stemmed from a breach in BeyondTrust’s systems, allowing adversaries to gain sensitive access.

CISA Alerts: Active Exploitation of SysAid Vulnerabilities Allows Remote File Access and SSRF

Jul 23, 2025
Vulnerability / Software Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws affecting SysAid IT support software to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation. The vulnerabilities are as follows:

  • CVE-2025-2775 (CVSS score: 9.3): This vulnerability involves improper restrictions on XML external entity (XXE) references in the Checkin processing functionality, enabling potential administrator account takeover and file read access.

  • CVE-2025-2776 (CVSS score: 9.3): Similar to the first, this flaw also concerns improper restrictions on XXE references, but it affects the Server URL processing functionality, leading to possible administrator account takeover and file read access.

Both vulnerabilities were disclosed by watchTowr Labs researchers Sina Kheirkhah and Jake Knott in May, along with CVE-2025-2777 (CVSS score: 9.3), which pertains to a pre-authenticated XXE vulnerability within the /lshw endpoint. SysAid has since addressed these issues in their on-premises software.

CISA Alerts: Vulnerabilities in SysAid Software Under Active Attack On July 23, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) unveiled critical vulnerabilities affecting SysAid, a popular IT support software, highlighting their presence in the agency’s Known Exploited Vulnerabilities (KEV) catalog due to signs of active exploitation. The two…

Read More

CISA Alerts: Active Exploitation of SysAid Vulnerabilities Allows Remote File Access and SSRF

Jul 23, 2025
Vulnerability / Software Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws affecting SysAid IT support software to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation. The vulnerabilities are as follows:

  • CVE-2025-2775 (CVSS score: 9.3): This vulnerability involves improper restrictions on XML external entity (XXE) references in the Checkin processing functionality, enabling potential administrator account takeover and file read access.

  • CVE-2025-2776 (CVSS score: 9.3): Similar to the first, this flaw also concerns improper restrictions on XXE references, but it affects the Server URL processing functionality, leading to possible administrator account takeover and file read access.

Both vulnerabilities were disclosed by watchTowr Labs researchers Sina Kheirkhah and Jake Knott in May, along with CVE-2025-2777 (CVSS score: 9.3), which pertains to a pre-authenticated XXE vulnerability within the /lshw endpoint. SysAid has since addressed these issues in their on-premises software.

CISA Issues Immediate Patch Directive After Chinese Hackers Exploit SharePoint Vulnerabilities in Ongoing Attacks

CISA Urges Immediate Patching of Microsoft SharePoint Vulnerabilities Amid Ongoing Attacks by Chinese Hackers On July 22, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) formally identified two critical Microsoft SharePoint vulnerabilities—CVE-2025-49704 and CVE-2025-49706—as part of its Known Exploited Vulnerabilities (KEV) catalog. This designation follows evidence indicating that these…

Read MoreCISA Issues Immediate Patch Directive After Chinese Hackers Exploit SharePoint Vulnerabilities in Ongoing Attacks

Title: Trump Administration Axes DHS Advisory Committee Memberships, Impacting Cybersecurity Oversight

January 23, 2025
Cybersecurity / National Security

The new Trump administration has dissolved all memberships of advisory committees under the Department of Homeland Security (DHS). In a memo dated January 20, 2025, Acting Secretary Benjamine C. Huffman stated, “In line with DHS’s commitment to resource efficiency and prioritizing national security, I am directing the immediate termination of all existing advisory committee memberships. Future committee initiatives will be solely focused on enhancing our mission to safeguard the homeland and align with DHS’s strategic objectives.” This decision affects members of the Cybersecurity and Infrastructure Security Agency’s (CISA) Cyber Safety Review Board (CSRB), which recently criticized Microsoft for a series of preventable mistakes that allowed its infrastructure to be exploited by a China-based threat actor.

Trump Terminates DHS Advisory Committee Memberships, Impacting Cybersecurity Review January 23, 2025 Cybersecurity / National Security In a significant move, the Trump administration has dissolved all advisory committee memberships associated with the Department of Homeland Security (DHS). Acting Secretary Benjamine C. Huffman announced in a memo dated January 20, 2025,…

Read More

Title: Trump Administration Axes DHS Advisory Committee Memberships, Impacting Cybersecurity Oversight

January 23, 2025
Cybersecurity / National Security

The new Trump administration has dissolved all memberships of advisory committees under the Department of Homeland Security (DHS). In a memo dated January 20, 2025, Acting Secretary Benjamine C. Huffman stated, “In line with DHS’s commitment to resource efficiency and prioritizing national security, I am directing the immediate termination of all existing advisory committee memberships. Future committee initiatives will be solely focused on enhancing our mission to safeguard the homeland and align with DHS’s strategic objectives.” This decision affects members of the Cybersecurity and Infrastructure Security Agency’s (CISA) Cyber Safety Review Board (CSRB), which recently criticized Microsoft for a series of preventable mistakes that allowed its infrastructure to be exploited by a China-based threat actor.