All news with #cisa tag

CISA Releases Guides to Safeguard Infrastructure from UAS

🛡️ CISA released three new Be Air Aware™ guides to help critical infrastructure owners and operators identify and mitigate risks posed by unmanned aircraft systems (UAS). The publications include Unmanned Aircraft System Detection Technology Guidance for Critical Infrastructure, Suspicious Unmanned Aircraft System Activity Guidance for Critical Infrastructure Owners and Operators, and Safe Handling Considerations for Downed Unmanned Aircraft Systems. Developed with government and industry partners, the guides provide practical options to integrate UAS threats into existing security and emergency response plans. CISA encourages organizations to adopt the recommendations to strengthen resilience and align with related directives.

CISA Orders Feds to Patch Actively Exploited Cisco Flaws

🔒 CISA has ordered U.S. federal agencies to fully patch two actively exploited vulnerabilities in Cisco firewall appliances within 24 hours. Tracked as CVE-2025-20362 and CVE-2025-20333, the flaws permit unauthenticated access to restricted URL endpoints and remote code execution; chained together they can yield full device takeover. The agency emphasized applying the latest updates to all ASA and Firepower devices immediately, not just Internet-facing units.

CISA, FBI and Partners Issue Guidance on Akira Ransomware

🛡️ CISA, FBI, DC3, HHS and international partners released updated guidance to help organizations mitigate the evolving Akira ransomware threat. The advisory details new indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) used by the group, which primarily targets small and medium-sized businesses but has also struck larger organizations across multiple sectors. It strongly urges immediate actions such as regular backups, enforcing multifactor authentication, and prioritizing remediation of known exploited vulnerabilities.

ThreatsDay Bulletin: Key Cybersecurity Developments

🔐 This ThreatsDay Bulletin surveys major cyber activity shaping November 2025, from exploited Cisco zero‑days and active malware campaigns to regulatory moves and AI-related leaks. Highlights include CISA's emergency directive after some Cisco updates remained vulnerable, a large-scale study finding 65% of AI firms leaked secrets on GitHub, and a prolific phishing operation abusing Facebook Business Suite. The roundup stresses practical mitigations—verify patch versions, enable secret scanning, and strengthen incident reporting and red‑teaming practices.

Legal Boundaries and Risks of Private Hackback Operations

🔒 Former DoJ attorney John Carlin examines hackbacks, defining them as proactive counterattacks that go beyond passive defense. He argues that purely defensive measures that only affect a victim’s systems are generally lawful, while offensive actions that damage or access an attacker’s systems are likely prohibited without government authorization. Carlin recommends oversight and legal clarification to the CFAA and CISA, and urges private actors to proceed with caution.

Senate Restores Lapsed Cybersecurity Laws After Shutdown

🛡️ The Senate voted 60-40 to advance a continuing resolution that temporarily reinstates the Cybersecurity Information Sharing Act of 2015 (CISA) and the Federal Cybersecurity Enhancement Act through January 2026. The measure restores liability shields, antitrust exemptions and FOIA protections that encourage private-sector threat sharing and renews authority for EINSTEIN intrusion-detection services for civilian agencies. The stopgap leaves another funding deadline early next year and raises questions about a full reauthorization versus further short-term extensions.

CISA Warns of Critical CentOS Web Panel RCE Exploit

⚠️ CISA warns that a critical remote command execution vulnerability, tracked as CVE-2025-48703, is being exploited in the wild against CentOS Web Panel (CWP). The flaw impacts all CWP versions before 0.9.8.1204 and allows unauthenticated attackers who know a valid username to inject shell commands via the file-manager changePerm t_total parameter. The vendor fixed the issue in 0.9.8.1205, and federal agencies have until Nov 25 under BOD 22-01 to remediate or stop using the product.

CISA, NSA and Partners Issue Exchange Server Best Practices

🔐 CISA, the NSA and international partners have published the Microsoft Exchange Server Security Best Practices to help organisations reduce exposure to attacks against hybrid and on‑premises Exchange deployments. The guidance reinforces Emergency Directive 25-02 and prioritises restricting administrative access, enforcing multi‑factor and modern authentication, tightening TLS and transport security, and applying Microsoft's Exchange Emergency Mitigation service. It also urges migration from unsupported or end‑of‑life systems and recommends use of secure baselines such as CISA's SCuBA. Agencies stress ongoing collaboration and a prevention-focused posture despite political and operational challenges.

CISA and NSA Issue Hardening Guidance for Exchange

🔒 CISA and the NSA, joined by the Australian Cyber Security Centre and the Canadian Centre for Cyber Security, released guidance to harden on-premises and hybrid Microsoft Exchange servers against attacks. The advisory emphasizes stronger authentication, minimized application attack surfaces, robust TLS configurations, and decommissioning unsupported servers after migration to Microsoft 365. It also recommends enabling emergency mitigations and built-in anti-spam and anti-malware protections and restricting administrative access to authorized workstations.

Fortinet Recognized by Crime Stoppers for Cyber Leadership

🏆 Fortinet received two 2025 Crime Stoppers International awards—the Cybersecurity Leadership Award and the Corporate Leadership in Crime Prevention Award—for its global efforts to disrupt cybercrime through intelligence sharing, partnership, and workforce development. FortiGuard Labs and the Fortinet Training Institute are cited for delivering actionable threat intelligence and scalable education. The honors validate more than a decade of sustained public‑private collaboration and data‑driven prevention.

CISA: Windows SMB Privilege Escalation Actively Exploited

🔒 CISA warns that threat actors are actively exploiting a high-severity Windows SMB vulnerability tracked as CVE-2025-33073, which can allow elevation to SYSTEM on unpatched machines. Microsoft patched the flaw in its June 2025 Patch Tuesday release, citing an improper access control weakness that can be abused over a network. The bug affects Windows Server, Windows 10 and Windows 11 up to 24H2. Federal agencies must remediate within three weeks under BOD 22-01, and all organizations are urged to apply the update immediately.

Reassignment of CISA Staff Raises National Cyber Risks

🔔 The US Department of Homeland Security has reassigned hundreds of cybersecurity personnel from the Cybersecurity and Infrastructure Security Agency to non-cyber roles supporting immigration and border enforcement, reports say. This shift has most impacted CISA’s Capacity Building team, which writes emergency directives and oversees protections for the government’s highest-value assets; refusal to accept new roles reportedly risks termination. Analysts warn that reductions in specialized threat hunting, vulnerability scanning, and coordinated advisories will slow response times and create exploitable gaps. Enterprises are urged to tighten patch cycles, adopt phishing-resistant MFA, review privileges, and rely on sector ISACs and private intel sharing while federal capacity is strained.

CISA Adds Synacor Zimbra XSS to Known Exploited Catalog

⚠️ CISA added one vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2025-27915, a cross-site scripting (XSS) flaw in Synacor Zimbra Collaboration Suite (ZCS). CISA notes that XSS remains a common attack vector that can enable credential theft, session hijacking, and distribution of malicious content. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV items by prescribed due dates. CISA urges all organizations to prioritize timely remediation and reduce exposure.

CISA Adds Seven CVEs to Known Exploited Vulnerabilities

🔒 CISA has added seven vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after observing evidence of active exploitation. The newly listed entries include CVE-2010-3765, CVE-2010-3962, CVE-2011-3402, CVE-2013-3918, CVE-2021-22555, CVE-2021-43226, and CVE-2025-61882, impacting Mozilla, Microsoft, the Linux Kernel, and Oracle E-Business Suite. Federal Civilian Executive Branch agencies must remediate these vulnerabilities under BOD 22-01, and CISA strongly urges all organizations to prioritize timely remediation as part of routine vulnerability management.

US Government Shutdown Threatens Federal Cybersecurity

⚠️ The US government shutdown will sharply reduce federal cybersecurity capacity, with CISA set to furlough approximately 1,651 of its 2,540 staff (about 65%), leaving only 889 employees, and NIST estimated to retain roughly 34% of its workforce. Core functions such as vulnerability management, guidance, the CVE program and website operations will be curtailed until appropriations resume. The pause raises immediate operational risks, complicates incident response and increases opportunities for threat actors and fraud.

Simplifying CISA’s Zero Trust Roadmap with Microsegmentation

🔒 CISA now frames microsegmentation as a foundational element of Zero Trust rather than a late-stage optimization, and modern solutions aim to remove historical deployment barriers. Zero Networks highlights agentless, automated, identity-aware, and MFA-enabled controls that speed policy creation and adaptation while minimizing disruption. The vendor cites industry research showing strong market growth, broad practitioner support, and substantial cost reductions compared with legacy segmentation approaches.

Government Shutdown Deepens US Cybersecurity Risks

⚠️ The US government shutdown that began on Sept. 30 deepens federal cyber risk by compounding prior spending cuts and workforce reductions. Significant cuts — including roughly $1.23 billion trimmed from civilian cyber budgets and about 1,000 CISA staff fired earlier in July — have already weakened defenses. Agencies have issued contingency plans and will exempt some critical SOCs and intelligence functions, but contractors and broader response capacity face disruption. Adversaries are likely monitoring for opportunities, and the effects will persist even after funding resumes.

CISA 2015 Expires Amid Government Shutdown, Hurdles Loom

🔒 Congress allowed CISA 2015 to lapse on Sept. 30, 2025 amid a US government shutdown, removing statutory liability shields for private-sector cyber threat information sharing. The expiration reduces government visibility into corporate threat data and is likely to make companies and CISOs more cautious about exchanging indicators and defensive measures. Experts urge immediate legal review and expect Congress may pursue a temporary reauthorization, though the timing and duration remain uncertain.

US Cuts Federal Funding for MS-ISAC Cyber Program Impact

🛡️ CISA has ended its cooperative agreement with the Center for Internet Security, terminating federal funding for the MS-ISAC on September 30 and placing the program's future in doubt. The MS-ISAC supports more than 18,000 state, local, territorial and tribal members with services such as advisories, secure information sharing, tabletop exercises and the Albert intrusion detection system. CIS has been temporarily subsidizing operations at over $1m per month but plans to phase out that support and is pushing members toward a paid membership model. CISA says it will move to a "new model" to support SLTT partners with tools, grant access and regional advisors.

CISA Strengthens Cyber Support for State and Local Govts

🔒 CISA has transitioned to a new direct-support model to equip state, local, tribal, and territorial (SLTT) governments with access to grant funding, no-cost cybersecurity tools, and hands-on expertise. The agency’s cooperative agreement with the Center for Internet Security concludes on September 30, 2025, and CISA will deliver funding via DHS/FEMA programs including SLCGP and TCGP. Offered services include cyber hygiene scanning, phishing assessments, vulnerability management, the Cybersecurity Performance Goals and Cyber Security Evaluation Tool, regional advisors and incident response coordination, while CISA continues collaboration with MS-ISAC for Albert sensor users.