Hey threat intel folx:
Is CISA and the KEV something even worth paying attention to any more given, you know, everything? Still accurate?
Tim Chambers
boosted
🚨 CISA warns of ‘significant’ threat to federal networks after nation-state hackers stole F5 source code, undisclosed bug info
「 The federal government has issued an emergency directive ordering all civilian agencies to update products from F5 after the security company said a nation-state actor had long-term persistent access to source code and information about undisclosed vulnerabilities during a breach discovered in August 」
https://therecord.media/cisa-directive-f5-nation-state-incident
🚨 CISA warns of ‘significant’ threat to federal networks after nation-state hackers stole F5 source code, undisclosed bug info
「 The federal government has issued an emergency directive ordering all civilian agencies to update products from F5 after the security company said a nation-state actor had long-term persistent access to source code and information about undisclosed vulnerabilities during a breach discovered in August 」
https://therecord.media/cisa-directive-f5-nation-state-incident
der.hans
and 3 others
boosted
NEW, by me, the one some of you have been asking about:
Months After Being Notified, a Software Vendor is Still Exposing Confidential and Sealed Court Records
I don't usually ask for boosts, but if you are in a position to help spread the word about this vendor and that its clients need to check their security, that would be great.
#dataleak, #incidentresponse, #infosecurity, #cybersecurity, #SoftwareUnlimitedCorp #FBI #CISA
@zackwhittaker @euroinfosec @campuscodi @therecord_media @GossiTheDog @briankrebs
NEW, by me, the one some of you have been asking about:
Months After Being Notified, a Software Vendor is Still Exposing Confidential and Sealed Court Records
I don't usually ask for boosts, but if you are in a position to help spread the word about this vendor and that its clients need to check their security, that would be great.
#dataleak, #incidentresponse, #infosecurity, #cybersecurity, #SoftwareUnlimitedCorp #FBI #CISA
@zackwhittaker @euroinfosec @campuscodi @therecord_media @GossiTheDog @briankrebs
Protezioni scadute, reti esposte: con la #CISA, l'infrastruttura di sicurezza informatica americana potrebbe pericolosamente scomparire da un giorno all'altro
Domani scade il Cybersecurity Information Sharing Act (CISA) e le tutele legali che consentono alle organizzazioni di condividere informazioni sulle minacce con il governo.
Se il Congresso non lo riautorizza, possiamo dire addio alla difesa informatica collaborativa occidentale.
https://cyberscoop.com/cybersecurity-information-sharing-act-expiration-date/
“Microsoft has released patches to “fully protect” SharePoint 2019 and SharePoint Subscription Edition servers, and the company is actively working on a patch for SharePoint 2016.
#CISA …says that the scope and impact of the attacks are still being assessed, and that any servers that have been impacted by the exploit should be disconnected from the internet until an official resolution is available.”
#Sharepoint #zerodayhttps://mastodon.social/@verge/114890559136880575
As #US #vulnerability-tracking falters, #EU enters with its own #security bug database
The European Vulnerability Database ( #EUVD) is now fully operational, offering a streamlined platform to monitor critical and actively exploited security flaws amid the US struggles with budget cuts, delayed disclosures, and confusion around the future of its own tracking systems. The EUVD is similar to the US government's National Vulnerability Database ( #NVD).
https://www.theregister.com/2025/05/13/eu_security_bug_database/ #CISA