All news with #cisa tag

CISA Adds Seven CVEs to Known Exploited Vulnerabilities

🔒 CISA has added seven vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after observing evidence of active exploitation. The newly listed entries include CVE-2010-3765, CVE-2010-3962, CVE-2011-3402, CVE-2013-3918, CVE-2021-22555, CVE-2021-43226, and CVE-2025-61882, impacting Mozilla, Microsoft, the Linux Kernel, and Oracle E-Business Suite. Federal Civilian Executive Branch agencies must remediate these vulnerabilities under BOD 22-01, and CISA strongly urges all organizations to prioritize timely remediation as part of routine vulnerability management.

US Government Shutdown Threatens Federal Cybersecurity

⚠️ The US government shutdown will sharply reduce federal cybersecurity capacity, with CISA set to furlough approximately 1,651 of its 2,540 staff (about 65%), leaving only 889 employees, and NIST estimated to retain roughly 34% of its workforce. Core functions such as vulnerability management, guidance, the CVE program and website operations will be curtailed until appropriations resume. The pause raises immediate operational risks, complicates incident response and increases opportunities for threat actors and fraud.

Simplifying CISA’s Zero Trust Roadmap with Microsegmentation

🔒 CISA now frames microsegmentation as a foundational element of Zero Trust rather than a late-stage optimization, and modern solutions aim to remove historical deployment barriers. Zero Networks highlights agentless, automated, identity-aware, and MFA-enabled controls that speed policy creation and adaptation while minimizing disruption. The vendor cites industry research showing strong market growth, broad practitioner support, and substantial cost reductions compared with legacy segmentation approaches.

Government Shutdown Deepens US Cybersecurity Risks

⚠️ The US government shutdown that began on Sept. 30 deepens federal cyber risk by compounding prior spending cuts and workforce reductions. Significant cuts — including roughly $1.23 billion trimmed from civilian cyber budgets and about 1,000 CISA staff fired earlier in July — have already weakened defenses. Agencies have issued contingency plans and will exempt some critical SOCs and intelligence functions, but contractors and broader response capacity face disruption. Adversaries are likely monitoring for opportunities, and the effects will persist even after funding resumes.

CISA 2015 Expires Amid Government Shutdown, Hurdles Loom

🔒 Congress allowed CISA 2015 to lapse on Sept. 30, 2025 amid a US government shutdown, removing statutory liability shields for private-sector cyber threat information sharing. The expiration reduces government visibility into corporate threat data and is likely to make companies and CISOs more cautious about exchanging indicators and defensive measures. Experts urge immediate legal review and expect Congress may pursue a temporary reauthorization, though the timing and duration remain uncertain.

US Cuts Federal Funding for MS-ISAC Cyber Program Impact

🛡️ CISA has ended its cooperative agreement with the Center for Internet Security, terminating federal funding for the MS-ISAC on September 30 and placing the program's future in doubt. The MS-ISAC supports more than 18,000 state, local, territorial and tribal members with services such as advisories, secure information sharing, tabletop exercises and the Albert intrusion detection system. CIS has been temporarily subsidizing operations at over $1m per month but plans to phase out that support and is pushing members toward a paid membership model. CISA says it will move to a "new model" to support SLTT partners with tools, grant access and regional advisors.

CISA Strengthens Support for SLTT Governments Nationwide

🔒 CISA announced a transition to a new support model to better equip state, local, tribal, and territorial (SLTT) governments to strengthen shared responsibility nationwide. The agency's cooperative agreement with the Center for Internet Security (CIS) will end on September 30, 2025, prompting a shift to direct support. CISA will provide access to grant funding (via DHS/FEMA SLCGP and TCGP), no-cost tools such as cyber hygiene scanning and phishing assessments, regional advisors, and professional services to bolster local cybersecurity posture.

CISA Strengthens Cyber Support for State and Local Govts

🔒 CISA has transitioned to a new direct-support model to equip state, local, tribal, and territorial (SLTT) governments with access to grant funding, no-cost cybersecurity tools, and hands-on expertise. The agency’s cooperative agreement with the Center for Internet Security concludes on September 30, 2025, and CISA will deliver funding via DHS/FEMA programs including SLCGP and TCGP. Offered services include cyber hygiene scanning, phishing assessments, vulnerability management, the Cybersecurity Performance Goals and Cyber Security Evaluation Tool, regional advisors and incident response coordination, while CISA continues collaboration with MS-ISAC for Albert sensor users.

DHS and CISA Launch Cybersecurity Awareness Month 2025

🛡️ The Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency (CISA) announced the official start of Cybersecurity Awareness Month 2025, centered on the theme Building a Cyber Strong America. Administered by CISA, the campaign urges state, local, tribal, and territorial (SLTT) governments, small and medium businesses, and supply chain partners to bolster protections for critical services such as water, power, communications, food, and finance. Officials emphasized a whole-of-society approach and recommended immediate adoption of core controls—recognize and report phishing, require long unique passwords, enable multifactor authentication, keep software patched, enable system logging, back up data, and encrypt sensitive information—to improve resilience nationwide.

CISA Directs Agencies to Mitigate Cisco Device Risks

🚨 CISA issued Emergency Directive ED 25-03 directing federal agencies to identify, analyze, and mitigate potential compromises of Cisco ASA and Cisco Firepower devices after adding CVE-2025-20333 and CVE-2025-20362 to the Known Exploited Vulnerabilities Catalog. Agencies must inventory all devices (all versions) and collect memory/core dump files for forensic analysis, transmitting them to CISA by 11:59 p.m. EST on Sept. 26. CISA published supplemental guidance, an Eviction Strategies Tool template, and referenced Cisco and UK NCSC analyses to support containment, eviction, and remediation.

CISA: GeoServer RCE Exploit Led to Federal Agency Breach

🔒 CISA says attackers breached a U.S. federal agency after exploiting an unpatched GeoServer instance using the critical RCE flaw CVE-2024-36401. Threat actors uploaded web shells and access scripts, then moved laterally to compromise a web server and an SQL server. The intrusion remained undetected for three weeks until an EDR alert flagged suspected malware on July 31, 2024. CISA urges rapid patching of critical flaws and continuous EDR monitoring.

CISA Appoints Stephen Casapulla as Infrastructure Chief

🔔 The Cybersecurity and Infrastructure Security Agency (CISA) announced Stephen L. Casapulla as its new Executive Assistant Director for Infrastructure Security. Casapulla brings extensive federal experience, including service as Director for Critical Infrastructure Cybersecurity in the Office of the National Cyber Director and more than thirteen years at CISA and predecessor organizations. He also has prior roles at the Small Business Administration and the Department of State in Iraq, and over twenty years as a U.S. Navy Reserve officer. Casapulla will continue interim duties at the National Risk Management Center (NRMC) and serve as Acting Chief Strategy Officer.

CISA Issues Nine New ICS Advisories on Sep 18, 2025

🛡️ CISA released nine Industrial Control Systems (ICS) advisories on September 18, 2025, detailing vulnerabilities, exploits, and mitigations affecting multiple vendors and products. The advisories cover Westermo WeOS, Schneider Electric Saitel RTUs, Hitachi Energy Asset and Service Suites, Cognex In‑Sight devices, Dover Fueling Solutions ProGauge MagLink LX4 devices, plus updates for rail linking protocols and Mitsubishi FA engineering tools. Administrators and operators are urged to review the technical details and apply recommended mitigations promptly to reduce operational and safety risk.

OIG: CISA Wasted Millions and Mismanaged Incentives

🔍 The DHS Office of Inspector General (OIG) audit found that CISA misused federal funds and undermined its mission by broadly administering the Cyber Incentive program. The review identified 240 recipients in non-cyber support roles, poor record-keeping in OCHCO, and $1.4m in undocumented back pay among more than $138m disbursed since 2020. Payments typically ranged from $21,000 to $25,000 annually per person, more than 40% of staff received incentives, and the OIG issued eight recommendations to tighten eligibility, tracking, governance and recovery procedures; CISA has concurred with all recommendations.

CISA Publishes Strategic Roadmap for the CVE Program

🔒 CISA has published a strategic focus document, “CVE Quality for a Cyber Secure Future,” signaling federal support for the Common Vulnerabilities and Exposures (CVE) program and a shift from a growth-focused expansion to a defined Quality Era. The agency reaffirmed that the program should remain public and vendor‑neutral while evaluating potential mechanisms for diversified funding and taking a more active leadership role. The roadmap prioritizes automation, strengthened CNA services and CNAs of Last Resort, expanded API support, improved CVE.org capabilities, minimum data-quality standards and federated enrichment approaches such as Vulnrichment.

CISA Outlines Strategic Vision for CVE Program Quality

🛡️ CISA released "CISA Strategic Focus: CVE Quality for a Cyber Secure Future," a roadmap that shifts the CVE Program from its Growth Era to a Quality Era emphasizing trust, responsiveness, and improved vulnerability data. The plan highlights expanded community partnerships, potential diversified government sponsorship, technological modernization, and stronger transparency and communications. It also prioritizes data quality improvements, including standardized enrichment approaches such as Vulnrichment and expanded Authorized Data Publisher capabilities.

CISA Leads CVE Program: Mandate, Mission, Momentum

🔒CISA reaffirms federal leadership of the CVE Program, arguing that a neutral, government steward is essential to preserve trust and national security. The agency ties the program to operational initiatives such as the Known Exploited Vulnerabilities (KEV) Catalog and warns that privatization or fragmentation would erode reliability and increase risk. CISA outlines a shift from a 'Growth Era' to a 'Quality Era' focused on improving completeness, accuracy, timeliness, governance, and sustainable infrastructure, and invites practitioners, industry, and international partners to help shape the program's future.

CISA Priorities at 16th Billington CyberSecurity Summit

🔐 The Cybersecurity and Infrastructure Security Agency (CISA) will present senior leaders and experts at the 16th Annual Billington CyberSecurity Summit, Sept. 9–12 in Washington, D.C. Acting Director Madhu Gottumukkala and new Executive Assistant Director for Cybersecurity Nick Andersen will deliver fireside chats outlining CISA’s strategic objectives. Other sessions address vulnerability management, threat hunting, supply chain collaboration, and AI in code security. Registration is required.

Fifteen Nations Agree Joint Guidance on SBOM Adoption

🔐 A coalition of 21 agencies from 15 countries, led by CISA and the NSA, published joint guidance titled A Shared Vision of Software Bill of Materials (SBOM) for Cybersecurity on September 3. The document defines SBOM concepts, clarifies roles for producers, choosers and operators, and urges cross-border adoption. It promotes harmonized technical implementations and integration of SBOMs into security workflows to reduce complexity and improve supply chain risk management.

CISA Issues Five ICS Advisories on Critical Vulnerabilities

⚠ CISA released five Industrial Control Systems (ICS) advisories on September 4, 2025, detailing vulnerabilities, impacts, and recommended mitigations for multiple OT products and protocols. The advisories address Honeywell OneWireless WDM, Mitsubishi Electric/ICONICS products, Delta Electronics COMMGR, Honeywell Experion PKS, and the End-of-Train/Head-of-Train Remote Linking Protocol. Several notices are updates (A/B) that include revised technical analysis and vendor-supplied mitigations. Administrators are urged to review the advisories promptly and apply recommended controls.