Connect with us
CISA Orders Agencies to Urgently Fix Hundreds of Hacker Exploited Vulnerabilities CISA Orders Agencies to Urgently Fix Hundreds of Hacker Exploited Vulnerabilities

Security

CISA Orders Agencies to Urgently Fix Hundreds of Hacker-Exploited Vulnerabilities

Published

on

Federal agencies have 60 days to review and update their internal cybersecurity programs.

The US Cyber ​​and Infrastructure Security Agency (CISA) issues first mandatory operating room this year directive (binding operational directive, BOD), directing federal civil agencies to fix the vulnerabilities used by cybercriminals during attacks in strict time frames.

The new directive BOD 22-01 Reducing the Significant Risk of Known Exploited Vulnerabilities applies to both software and hardware in federal information systems with and without Internet access, including those operated federal agencies or third parties on behalf of the agency.

“This is a big step forward in protecting federal civic networks. Mandatory Operating Directive (BOD) 22-01 sets a timeline for the elimination of known exploitable vulnerabilities. ” reported Director of CISA Jen Easterly.

CISA published list hundreds of exploitable vulnerabilities that expose government systems to significant attack risks if successfully exploited by attackers.

The list currently includes 200 vulnerabilities identified between 2017 and 2020 and 90 vulnerabilities discovered in 2021. CISA regularly updates the list with newly discovered vulnerabilities if they meet the following conditions:

  • The vulnerability was assigned the Common Vulnerabilities and Exposures (CVE) identifier.

  • There is credible evidence of exploitation in cyberattacks.

  • There is a clear action to remediate the vulnerability, such as a vendor-provided update.

CISA ordered federal agencies to review and update their internal cybersecurity programs within 60 days of the directive’s publication. Agencies will also be required to submit quarterly vulnerability patch status reports through CyberScope or CDM Federal Dashboard.

Click to comment

Leave a Reply

Your email address will not be published.

Security

Nvidia lost. LHR mining protection is also hacked under Linux. This was done by NBMiner developers

Published

on

Nvidia lost LHR mining protection is also hacked under

Two days have passed since the NiceHash developers cracked the Nvidia LHR protection, as the NBMiner team also pleased their users with the same news. Only this time we are talking about software for Linux.

Nvidia lost.  LHR mining protection is also hacked under Linux.  This was done by NBMiner developers

Thus, Nvidia’s protection completely fell for both Windows and Linux. Unfortunately, both programs are closed source, so it’s not clear what mechanisms the developers used to hack.

Whether the loss of Nvidia will affect the availability and prices of video cards is still difficult to say. At the moment, the cryptocurrency market continues to fall, but sooner or later it will turn around, and gamers may again face shortages and overpriced graphics cards.

Continue Reading

Security

Xiaomi has released a profitable set of security camera and smart door locksmart door lock

Published

on

Xiaomi has released a profitable set of security camera and

Xiaomi has introduced a new kit with an outdoor video surveillance camera and a smart door lock, which includes Mi Outdoor camera and Mi Smart Door Lock 1S.

The bundle is priced at around $237, which is a great deal as these devices cost $20 more individually.

Mi Smart Door Lock 1S supports 7 unlocking methods, including fingerprint, password, temporary password, Bluetooth, HomeKit, NFC or regular key unlock. Compared to the first generation, the new lock supports both the Mijia app and Apple HomeKit.

Xiaomi has released a profitable set of security camera and

As for the rechargeable version of Xiaomi Outdoor Camera, this is Xiaomi’s first outdoor wireless camera. It has an independent design and can be installed without connecting the mains cable or power cable. It has a wide viewing angle of 130°, 1080p resolution and supports WDR technology.

In addition, the battery version of the Xiaomi Outdoor Camera offers night vision up to 7 meters and people detection function. It is IP65 rated and has a long battery life of up to 90 days.

Continue Reading

Security

“These are machines for sucking out personal data.” Prayer and mental health apps have poor security

Published

on

These are machines for sucking out personal data Prayer and

Mental health apps have worse privacy protection than most other types of apps, according to a new analysis by Mozilla. We are talking about the entire category as a whole. In addition, things are also bad for prayer applications.

“These are machines for sucking out personal data.”  Prayer and mental health apps have poor security

The vast majority of mental health and prayer apps are exceptionally creepy. They track a variety of data, share and capitalize on users’ most intimate personal thoughts and feelings, such as mood, mental state, and biometric data.

The team analyzed 32 mental health and prayer apps. Of these apps, 29 received a Privacy not included warning, indicating that the team is concerned about how the app manages user data.

These applications collect large amounts of personal data in accordance with vague privacy policies. Most applications have also been found to have poor security practices that allow users to create accounts with weak passwords. Considering how much personal information such programs can contain, this is a bad feature.

The list of the worst programs according to the specified criteria included Better Help, Youper, Woebot, Better Stop Suicide, Pray.com and Talkspace. In particular, the Woebot chatbot claims to collect information about users and shares this data for advertising purposes, and Talkspace collects transcripts of user chats.

They work like data-sucking machines with the look and feel of a mental health app. In other words: wolves in sheep’s clothing

Continue Reading

Most Popular