Category: CISA

Auto Added by WPeMatico

CISA, Cybersecurity, Data Privacy, ENISA, Europe, EUVD, Global Security News, MITRE, Security Boulevard (Original), Social - Facebook, Social - LinkedIn, Social - X, Spotlight, vulnerability database

EU Stakes Out Digital Sovereignty With Vulnerability Database

May 19, 2025

Depending on who’s doing the talking, the new European Vulnerability Database (EUVD), set up by the European Union Agency for Cybersecurity (ENISA) and which recently went operational, is a much-needed alternative to EU dependency on MITRE. Or it’s one more vulnerability database to maintain. Or it’s both. The post EU Stakes Out Digital Sovereignty With…

DHS Cancels $2.4 Billion Leidos Contract, Cites Changes at CISA

May 15, 2025

DHS cancelled a $2.4 billion contract to Leidos that was awarded last year for ACTS, a project aimed at supporting CISA. Rival Nightwing protested the award, but DHS said the contract was pulled in light of budgetary and mission changes at CISA since the Trump Administration assumed power in January. The post DHS Cancels $2.4…

As US CVE Database Fumbles, EU ‘Replacement’ Goes Live

May 14, 2025

Diesen Kuß der ganzen Welt! European Union Vulnerability Database (EUVD) launches this week. And not a moment too soon. The post As US CVE Database Fumbles, EU ‘Replacement’ Goes Live appeared first on Security Boulevard.

SonicWall customers confront resurgence of actively exploited vulnerabilities

May 9, 2025

Vulnerabilities are proliferating in SonicWall devices and software this year, putting the vendor’s customers at risk of intrusion via secure access gateways and firewalls. The year started off on a sour note for the California-based company when it released security advisories for nine vulnerabilities on Jan. 7. The total number of vulnerabilities publicly disclosed by…

Sen. Murphy: Trump administration has ‘illegally gutted funding for cybersecurity’

May 8, 2025

Another top appropriations Democrat criticized budget cuts affecting the Cybersecurity and Infrastructure Security Agency, saying the Trump administration has “illegally gutted funding for cybersecurity.” Connecticut Sen. Chris Murphy, the ranking member on the Senate Appropriations Subcommittee on Homeland Security, made his remarks Thursday to Department of Homeland Security Secretary Kristi Noem at a hearing on…

Trump Proposes Cutting CISA Budget by $491 Million

May 7, 2025

President Trump wants to cut CISA’s budget by $491 million, or 17%, to refocus it on its “core mission” and end what he said is censorship of him and his supporters. Critics of the cuts accusing the administration of politicizing cybersecurity and opening the door wider to adversaries like China and Russia. The post Trump…

House appropriators have reservations — or worse — about proposed CISA cuts

May 6, 2025

House appropriators on Tuesday challenged proposed budget cuts for the Cybersecurity and Infrastructure Security Agency, with Democrats saying the Trump administration was disturbingly moving money away from the agency and a key Republican saying he needed to see justifications for the reductions. The Trump administration has proposed cutting CISA funding by $491 million, and some…

Amazon, CrowdStrike, Google and Palo Alto Networks claim no change to threat intel sharing under Trump

May 2, 2025

SAN FRANCISCO — Threat intelligence sharing is flowing between the private sector and federal government and remains unimpeded thus far by job losses and budget cuts across federal agencies that support the cyber mission, according to executives at major security firms. Top brass at Amazon, CrowdStrike, Google and Palo Alto Networks said there’s been no…

Trump administration proposes cutting $491M from CISA budget

May 2, 2025

President Donald Trump’s fiscal 2026 budget proposal would slash $491 million from the budget of the Cybersecurity and Infrastructure Security Agency, according to a summary released Friday. That would amount to a nearly 17% reduction to the agency’s approximately $3 billion budget. The administration did not release a detailed itemization of the cuts, only an…

Homeland Secretary Noem Vows to Put CISA ‘Back to Focusing on its Core Mission’

April 30, 2025

Homeland Security Secretary Kristi Noem vowed to refocus CISA, especially in defense of critical systems threats from China. The post Homeland Secretary Noem Vows to Put CISA ‘Back to Focusing on its Core Mission’ appeared first on Security Boulevard.

Bipartisanship Key to CISA Renewal

April 25, 2025

As fractious as Congress has been for the better part of a decade, it did manage to pass the Cybersecurity Information Sharing Act in 2015. And now that it’s up for renewal, it seems prudent—no, necessary—that Congress unite to okay it once again. The post Bipartisanship Key to CISA Renewal appeared first on Security Boulevard.

CISA gets new No. 2: Madhu Gottumukkala

April 24, 2025

The Cybersecurity and Infrastructure Security Agency will soon have a new second-in-command. Madhu Gottumukkala has been named deputy director. He comes over to CISA from his prior position in the South Dakota government, where Kristi Noem was most recently governor before taking over as secretary of the Department of Homeland Security. Gottumukkala had been commissioner…

VulnCheck spotted 159 actively exploited vulnerabilities in first few months of 2025

April 24, 2025

Attackers exploited nearly a third of vulnerabilities within a day of CVE disclosure in the first quarter of 2025, VulnCheck said in a report released Thursday. The company, which focuses on vulnerability threat intelligence, identified 159 actively exploited vulnerabilities from 50 sources during the quarter. The time from CVE disclosure to evidence of exploitation in…

Multiple top CISA officials behind ‘Secure by Design’ resign

April 21, 2025

Two top officials at the Cybersecurity and Infrastructure Security Agency who worked with the private sector to manufacture secure products and technology are leaving the agency. Bob Lord, senior technical adviser and Lauren Zabierek, senior advisor at CISA, were both chief architects behind CISA’s Secure by Design initiative, which garnered voluntary commitments from major vendors…

Chris Krebs resigns from SentinelOne to focus on fighting Trump’s executive order

April 17, 2025

Chris Krebs has resigned from SentinelOne, saying he needs to devote himself fully to fighting the executive order President Donald Trump signed to target his former director of the Cybersecurity and Infrastructure Security Agency. The executive order was a key touchpoint in Trump’s unprecedented campaign to punish those he views as his enemies. While at…

CISA reverses course, extends MITRE CVE contract

April 16, 2025

In a last-minute switch, the Cybersecurity and Infrastructure Security Agency said it will continue funding a contract for MITRE to manage the CVE program and other vulnerability databases. In a statement sent to CyberScoop, a spokesperson said the agency executed an option to extend the contract and avoid a potential lapse in a program that…

MITRE Crisis: CVE Cash Ends TODAY — CISA says ‘No Lapse’

April 16, 2025

These are “interesting” times: U.S. government funding for the Common Vulnerabilities and Exposures program expires April 16. The post MITRE Crisis: CVE Cash Ends TODAY — CISA says ‘No Lapse’ appeared first on Security Boulevard.

Exclusive: Peters, Rounds tee up bill to renew expiring cyber threat information sharing law

April 16, 2025

A bipartisan pair of senators are kicking off the race Wednesday to reauthorize a 2015 cyber threat information sharing law, a move that industry groups and cyber experts are eager to see happen before it’s set to expire in September. Advocates say the 10-year-old Cybersecurity Information Sharing Act has been vital to sharing threat information…

Public Support Emerges for Chris Krebs, SentinelOne After Trump Memo

April 15, 2025

The cybersecurity industry has been conspicuously quiet after President Trump targeted ex-CISA director Chris Krebs and SentinelOne for retribution. However, some voices have risen above the silence to urge support and the need for public pushback. The post Public Support Emerges for Chris Krebs, SentinelOne After Trump Memo appeared first on Security Boulevard.

Is Ivanti the problem or a symptom of a systemic issue with network devices?

April 14, 2025

Network edge devices — hardware that powers firewalls, VPNs and network routers — have quickly moved up the list of attackers’ preferred intrusion points into enterprise networks. While dozens of companies make and sell these devices, customers of one company in particular — Ivanti — have confronted exploited vulnerabilities in their products more than any…

Rep. Swalwell demands Hill briefing on planned CISA personnel cuts

April 11, 2025

The Cybersecurity and Infrastructure Security Agency must brief Congress on proposed deep cuts to agency personnel, a top Democrat said in a letter to its acting director. California Rep. Eric Swalwell, ranking member of the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection, wrote in the letter to acting Director Bridget Bean on Thursday…

Trump Strips Security Clearances of Ex-CISA Head Krebs, SentinelOne

April 10, 2025

President Trump stripped former CISA head Chris Krebs of his security clearances, accusing him of disloyalty for claiming the 2020 election was safe and disagreeing with him regarding the pandemic. SentinelOne, where Krebs is an executive, also was targeted by Trump, who further ordered investigations of Krebs and CISA. The post Trump Strips Security Clearances…

Wyden to Hold Up Trump CISA Nominee Over Telecom ‘Cover Up’: Report

April 9, 2025

Senator Ron Wyden (D-OR) is demanding CISA release a three-year-old report critical of telecoms’ security in the wake of the expansive Salt Typhoon hacks before he lifts a hold on President Trump’s nomination of Sean Plankey as head of the agency. The post Wyden to Hold Up Trump CISA Nominee Over Telecom ‘Cover Up’: Report…

China-backed espionage group hits Ivanti customers again

April 3, 2025

Ivanti customers are confronting another string of attacks linked to an actively exploited vulnerability in the company’s VPN products. Mandiant said a nation-state backed espionage group linked to China has been exploiting the critical vulnerability, CVE-2025-22457, since mid-March. The threat group, which Google Threat Intelligence Group tracks as UNC5221, has a knack for exploiting Ivanti…

Don’t cut CISA personnel, House panel leaders say, as they plan legislation giving the agency more to do

April 2, 2025

Leaders of a key House subcommittee criticized the Trump administration’s personnel cuts at the Cybersecurity and Infrastructure Security Agency on Wednesday, with its chairman saying he wants CISA to take on more responsibilities, not less — some of which figure into his legislative priorities. Rep. Andrew Garbarino, the New York Republican who chairs the House…

Renew — but improve — billion-dollar cyber grant program to states and locals, House witnesses say

April 1, 2025

It’s vital that Congress renew the expiring $1 billion state and local cybersecurity grant program, witnesses testified before a House panel, but they added that it could benefit from some upgrades, too. New York Rep. Andrew Garbarino, chairman of the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection that held the hearing Tuesday, said…

Trump’s ‘preparedness’ executive order would shift cyber defense burden where it doesn’t belong, experts say

March 28, 2025

Many cyber experts are panning a new Trump administration executive order that would shift more responsibilities for responding to cyberattacks to state and local governments, saying it will leave states holding the bag for a job they aren’t best equipped to handle. The executive order, issued last week, is entitled “Achieving Efficiency Through State and…

Congress should re-up 2015 information-sharing law, top Hill staffer says

March 19, 2025

Congress needs to reauthorize an expiring law that provides legal protections to companies for sharing cyber threat information with the federal government and each other, the staff director for Democrats on the Senate Homeland Security and Governmental Affairs Committee said Wednesday. The 2015 Cybersecurity and Infrastructure Security Act is due to lapse at the end…

CISA scrambles to contact fired employees after court rules layoffs ‘unlawful’

March 18, 2025

Response to CISA Advisory (AA25-071A): #StopRansomware: Medusa Ransomware

March 13, 2025

AttackIQ has released a new assessment template in response to the CISA Advisory (AA25-071A) published on March 12, 2025, which details new behaviors exhibited by Medusa Ransomware. The post Response to CISA Advisory (AA25-071A): #StopRansomware: Medusa Ransomware appeared first on AttackIQ. The post Response to CISA Advisory (AA25-071A): #StopRansomware: Medusa Ransomware appeared first on Security…

DOGE axes CISA ‘red team’ staffers amid ongoing federal cuts

March 11, 2025

Amid personnel turmoil at cyber agencies, a government shutdown could increase potential harm

March 11, 2025

A potential government shutdown looms by the end of this week if Congress doesn’t pass legislation to keep funding the federal government, a development that could worsen problems cyber personnel and agencies are experiencing under the second Trump administration, experts say. Many cyber feds would likely be exempt from furloughs during a government shutdown, common…

Trump nominates Sean Plankey as new CISA director

March 11, 2025

Sean Plankey picked by Trump to be CISA director

March 11, 2025

President Donald Trump nominated Sean Plankey to head the Cybersecurity and Infrastructure Security Committee on Tuesday, the last major piece to fall into place for cybersecurity leadership in his administration. Plankey served in the first Trump administration, holding a few posts with cyber responsibilities. He was the principal deputy assistant secretary for the Energy Department’s…

Trump Administration and the Russian Cyber Threat, Firefox Privacy Changes

March 9, 2025

In this episode, we discuss whether the Trump administration ordered the U.S. Cyber Command and CISA to stand down on the Russian cyber threat. We also touch on the Canadian tariff situation with insights from Scott Wright. Additionally, we discuss the recent changes to Firefox’s privacy policy and what it means for user data. **…

CISA completed its election security review. It won’t make the results public

March 7, 2025

When the Trump administration began sidelining and laying off personnel at the Cybersecurity and Infrastructure Security Agency, it started by targeting employees who worked on election security and disinformation. At the same time, the Department Homeland Security announced it would conduct a comprehensive review of CISA’s election security mission. This week, the agency confirmed that…

CISA refutes claims it has been ordered to stop monitoring Russian cyber threats

March 4, 2025

It’s been a confusing few days in the world of American cybersecurity… Read more in my article on the Hot for Security blog.

Security Pros Push Back as Trump Orders Halt to Cyber Ops vs. Russia

March 3, 2025

The Trump Administration’s orders to the DoD and CISA to halt cyber operations and investigations against Russia is a gift to the United States’ longtime foreign adversary and makes the country less safe, according to cybersecurity professionals. The post Security Pros Push Back as Trump Orders Halt to Cyber Ops vs. Russia appeared first on…

Security Pros Push Back as Trump Orders Halt to Cyber Ops vs. Russia

March 3, 2025

DHS says CISA won’t stop looking at Russian cyber threats

March 3, 2025

The Department of Homeland Security said that its Cybersecurity and Infrastructure Security Agency will continue to pay attention to Russian cyber threats, contrary to media reports suggesting the opposite. The Guardian reported last week that a recent CISA memo setting out priorities for the agency didn’t list Russia among them, while including Chinese threats and…

Stop targeting Russian hackers, Trump administration orders US Cyber Command

March 3, 2025

The Trump administration has told US cyber command and CISA to stop following or reporting on Russian cyber threats. Yes, Russia! That country everyone used to agree was home to lots of ransomware gangs and hackers. Hmmm… Read more in my article on the Hot for Security blog.

Cybersecurity Impact of DOGE, Apple’s Stand Against Encryption Backdoors

March 2, 2025

In this episode, Kevin and Tom discuss current events including the latest developments with DOGE and the significant changes happening at the Cybersecurity and Infrastructure Security Agency (CISA). They also touch on Apple’s decision to refuse creating backdoors for encryption, setting a new precedent in digital security. Tune in for an insightful discussion on the…

Cybersecurity Impact of DOGE, Apple’s Stand Against Encryption Backdoors

March 2, 2025

Cyber workforce legislation vote gives rise to partisan rift on House Homeland Security Committee

February 26, 2025

A partisan divide opened Wednesday over a bill to bolster the cyber workforce, legislation that earned unanimous support in the House Homeland Security Committee last year but that Democrats are now wary of under President Donald Trump. Under the legislation, students at technical schools and community colleges would receive scholarships in return for two years…

Karen Evans steps into a leading federal cyber position: executive assistant director for cybersecurity at CISA

February 26, 2025

Federal IT and cyber government veteran Karen Evans is the new executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency. It’s one of the most prominent cyber jobs in the federal government, previously held by Jeff Greene and Eric Goldstein. A description of the post on the CISA website says that the…

A major cybersecurity law is expiring soon — and advocates are prepping to push Congress for renewal

February 26, 2025

A push is gearing up to renew an expiring 10-year-old cybersecurity law that was viewed at its initial passage as the most significant cybersecurity legislation Congress had ever passed, and that advocates say now fosters several important threat-sharing initiatives. The 2015 Cybersecurity Information Sharing Act provides safeguards for companies that voluntarily share threat intelligence data…

No, that’s not the acting head of the Social Security Administration. That’s a former CISA employee.

February 21, 2025

A longtime former employee of the Cybersecurity and Infrastructure Security Agency, an agency in the midst of curtailing its anti-misinformation and disinformation work under President Donald Trump, has found himself being misidentified online as a key figure in another Trump administration battle. On social media and in some news outlets, Ross Foard, a former CISA…

CISA election security officials placed on leave: report

February 11, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has reportedly placed several members of its election security team on administrative leave. The Associated Press, citing a person familiar with the situation, reports that 17 CISA employees have been placed on leave pending review. The employees had worked with election officials to counter a range of…

CISA/FDA Warn: Chinese Patient Monitors Have BAD Bugs

February 3, 2025

China crisis? Stop using this healthcare equipment, say Cybersecurity & Infrastructure Security Agency and Food & Drug Administration. The post CISA/FDA Warn: Chinese Patient Monitors Have BAD Bugs appeared first on Security Boulevard.

Removal of Cyber Safety Review Board members sparks alarm from cyber pros, key lawmaker

January 22, 2025

The top Democrat on the House Homeland Security Committee and a number of cyber professionals on Wednesday lamented the Trump administration’s decision to purge a cyber incident investigation board of its membership. But the move had some supporters, including the chairman of that same committee. Acting Department of Homeland Security Secretary Benjamine Huffman issued a…

Noem: No anti-disinformation, misinformation action under her as DHS secretary

January 17, 2025

Department of Homeland Security secretary nominee Kristi Noem committed to senators Friday that if confirmed she would keep the department out of efforts to combat disinformation and misinformation, and pledged to make the Cybersecurity and Infrastructure Security Agency “smaller, more nimble.” The South Dakota governor’s remarks signal that the incoming Trump administration will act on…

Biden cyber executive order gets mostly plaudits, but its fate is uncertain

January 16, 2025

A sweeping executive order on cybersecurity released Thursday won largely positive reviews, with the main question being its timing — and what will come of it with the executive branch set to be handed over from president to president. Chris Inglis, the former national cyber director for Joe Biden who has served under both Democrats…

A CISA secure-by-design guru makes the case for the future of the initiative

January 16, 2025

One of the chief architects of the Cybersecurity and Infrastructure Security Agency campaign to get software developers to design their products with security in mind said he believes it could be one of the best tools the Trump administration has to counter China. Jack Cable, who is departing his role as senior technical adviser Thursday,…

Critical Infrastructure Seeing Benefits of Government Program, CISA Says

January 14, 2025

CISA in two years has seen the number of critical infrastructure organizations signing up for its CPG services double, which has improved the overall security in most sectors, but more needs to be done to strengthen what has become a target adversarial state-sponsored threat groups. The post Critical Infrastructure Seeing Benefits of Government Program, CISA…

Second Biden cyber executive order directs agency action on fed security, AI, space

January 13, 2025

A draft cybersecurity executive order would tackle cyber defenses in locations ranging from outer space to the U.S. federal bureaucracy to its contractors, and address security risks embedded in subjects like cybercrime, artificial intelligence and quantum computers. The draft, a copy of which CyberScoop obtained, constitutes one big last stab at cybersecurity in the Biden…

CISA says ‘no indication’ of wider government hack beyond Treasury

January 6, 2025

Playbook advises federal grant managers how to build cybersecurity into their programs

December 17, 2024

Two U.S. cyber agencies released guidance Tuesday on how federal grant managers should incorporate cybersecurity in their programs for critical infrastructure projects, as well as how potential recipients can take it into account. The Office of the National Cyber Director and the Cybersecurity and Infrastructure Security Agency publication — the “Playbook for Strengthening Cybersecurity in…

CISA pitches updated cyber incident response plan as an ‘agile, actionable’ framework

December 16, 2024

The Cybersecurity and Infrastructure Security Agency on Monday opened a month-long public comment period for its updated draft plan detailing how the public and private sectors should respond to significant cyber incidents. The revamped National Cyber Incident Response Plan — an effort from CISA, the agency’s Joint Cyber Defense Collaborative and the Office of the…

Senators, witnesses: $3B for ‘rip and replace’ a good start to preventing Salt Typhoon-style breaches

December 11, 2024

The $3 billion that Congress folded into the annual defense policy bill to remove Chinese-made telecommunications technology from U.S. networks would be a huge start to defending against breaches like the Salt Typhoon espionage campaign, senators and hearing witnesses said Wednesday. Federal Communications Commission Chairwoman Jessica Rosenworcel recently told Hill leaders that the $1.9 billion…

CISA, Cybersecurity, Data Privacy, ENISA, Europe, EUVD, Global Security News, MITRE, Security Boulevard (Original), Social - Facebook, Social - LinkedIn, Social - X, Spotlight, vulnerability database

Biden administration, CISA, Cyberlaw, Cybersecurity, DHS, Donald Trump, Featured, Global Security News, Governance, Risk & Compliance, Network Security, News, Security Awareness, Security Boulevard (Original), Social - Facebook, Social - LinkedIn, Social - X, Spotlight

Asia Pacific, budget cuts, CISA, Cloud Security, Cyberlaw, Cybersecurity, Data Security, Donald Trump, Featured, Global Security News, Mobile Security, Network Security, News, Security Boulevard (Original), Social - Facebook, Social - LinkedIn, Social - X, Spotlight

Asia Pacific, budget, china, CISA, Cybercrime, Cybersecurity and Infrastructure Security Agency, Department of Homeland Security (DHS), Global Security News, Government, House Appropriations Committee, Policy

2025 RSAC, Asia Pacific, china, CISA, Cybersecurity, DHS, Featured, Global Security News, News, rsac, Salt Typhoon, Security Awareness, Security Boulevard (Original), Social - Facebook, Social - LinkedIn, Social - X, Spotlight, Volt Typhoon

CISA, Congress, Cybersecurity, Global Security News, governance, Governance, Risk & Compliance, Security Boulevard (Original), Social - Facebook, Social - LinkedIn, Social - X, Spotlight

CISA, Cybersecurity and Infrastructure Security Agency (CISA), Dakota State University, Global Security News, Workforce

CISA, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, IBM X-Force, known exploited vulnerabilities (KEV), Mandiant, Research, Verizon Data Breach Investigations Report, Verizon DBIR, VulnCheck, vulnerabilities

CISA, Cybersecurity, Global Security News, Government, Policy, resigns, secure by design, Technology, Workforce

CISA, CVE, CVE Foundation, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Global Security News, MITRE, National Vulnerability Database, NIST

Chris Krebs, CISA, Cyberlaw, Cybersecurity, Featured, Global Security News, News, Security Awareness, Security Boulevard (Original), security clearance, SentinelOne, Social - Facebook, Social - LinkedIn, Social - X, Spotlight, Trump Administration

china, CISA, Cybersecurity, Cybersecurity and Infrastructure Security Agency, espionage, exploit, Exploits, Global Security News, Google Threat Intelligence Group, ivanti, known exploited vulnerabilities (KEV), Mandiant, Research, Threats, vulnerability

CISA, Cybersecurity, doge, Global IT News, Global Security News, Layoffs, Security, us government

#StopRansomware, adversary emulation, Broad-Based Attacks, CISA, Global Security News, Medusa, Ransomware, Security Bloggers Network

CISA, Cybersecurity, doge, Exclusive, Global IT News, Global Security News, Layoffs, scoop, Security, us government

CISA, Global IT News, Global Security News, In Brief, Sean Plankey, Security, us government

CISA, Cybersecurity, Department of Homeland Security (DHS), disinformation, Election Security, Global Security News, Government, Trump Administration

CISA, Global Security News, Guest blog, Law & order, malware, Russia, Security threats, united states

Bennie Thompson, CISA, Cybersecurity, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), Global Security News, House Homeland Security Committee, Jake Williams, Russia, Threats

CISA, Donald Trump, Global Security News, Guest blog, Law & order, malware, Ransomware, Russia, Security threats, Ukraine, united states

china, CISA, Cybersecurity and Infrastructure Security Agency (CISA), Department of Government Efficency, disinformation, Election Security, Elon Musk, Global Security News, Government, misinformation, Social Security Administration, Trump Administration, Twitter, Workforce

CISA, Cybersecurity, Global IT News, Global Security News, Security, us government