US Cybersecurity and Infrastructure Security Agency
Coverage of US Cybersecurity and Infrastructure Security Agency in the Nexus archive.
- US cyber agency CISA exposed reams of passwords and cloud keys to the open web
The US federal cybersecurity agency CISA exposed plaintext passwords and cloud keys to the public web by uploading a spreadsheet to a GitHub repository. This was discovered through a report by independent journalist Brian Krebs. The incident raises concerns about the agency's handling of sensitive information.
- CISA orders all federal agencies to patch exploited bug in Cisco SD-WAN systems by Sunday
The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a vulnerability in Cisco SD-WAN systems by Sunday. The bug could allow remote attackers to bypass authentication and gain administrative privileges. Cisco released a patch for the vulnerability on Thursday.
- Double Canvas breach acknowledged as ShinyHunters sets new pay-or-leak deadline
Instructure's online learning platform Canvas experienced two rounds of unauthorized activity, with data theft and extortion crew ShinyHunters threatening to leak data of over 275 million students and staff. The breach affected nearly 9,000 schools worldwide, including Harvard and Stanford universities. Instructure has taken measures to contain the incident and notified the FBI and US Cybersecurity and Infrastructure Security Agency.
- Attackers are cashing in on fresh 'CopyFail' Linux flaw
A newly-disclosed Linux kernel bug called 'CopyFail' is being exploited by attackers, just days after researchers released a working root-level exploit. The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about the vulnerability. Attackers are taking advantage of the flaw to gain unauthorized access.
- Microsoft's patch for a 0-day exploited by Russian spies fell short. Another Windows flaw is under attack
Microsoft's patch for a 0-day vulnerability exploited by Russian spies proved ineffective, and attackers are now exploiting another zero-click Windows flaw that risks exposing sensitive system data. The US Cybersecurity and Infrastructure Security Agency (CISA) has joined Microsoft in issuing warnings about the ongoing threat.