Aggregator

You must login to view this content

CISA, along with the National Security Agency, the Federal Bureau of Investigation, Environmental Protection Agency, and several international partners, released comprehensive guidance to help operational technology (OT) owners and operators across all critical infrastructure sectors create and maintain OT asset inventories and supplemental taxonomies. 

An asset inventory is a regularly updated, structured list of an organization's systems, hardware, and software. It includes a categorization system—a taxonomy—that classifies assets based on their importance and function. This guidance explains how OT owners and operators can create, maintain, and use asset inventories and taxonomies to identify and safeguard their critical assets. 

Following this guidance, organizations may gain deeper insights into their architecture, optimize their defenses, better assess and reduce cybersecurity risk in their environments, and enhance incident response planning to ensure service continuity.

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. 

• CVE-2025-8875 N-able N-central Insecure Deserialization Vulnerability
• CVE-2025-8876 N-able N-central Command Injection Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. 

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. 

Security researchers at Infoblox Threat Intel have revealed the complex workings of VexTrio, a highly skilled cybercriminal network that has been active since at least 2017. This discovery highlights the ongoing dangers in the digital economy. Formerly known simply as VexTrio, this group now dubbed VexTrio Viper leverages advanced traffic distribution systems (TDSs), lookalike domains, […]

The post VexTrio Hackers Use Fake CAPTCHAs and Malicious Apps on Google Play & App Store to Target Users appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A new CSO Online report based on research by Heimdal and FutureSafe paints a troubling picture for the managed services industry: 89% of MSPs struggle with integrating their security tools, and more than half (56%) experience daily or weekly alert fatigue. Even more concerning, MSPs juggling seven or more security tools reported almost double the

The post Tool Overload Is Fueling Alert Fatigue, and Missed Threats, for MSPs appeared first on Seceon Inc.

The post Tool Overload Is Fueling Alert Fatigue, and Missed Threats, for MSPs appeared first on Security Boulevard.