Federal agencies have until Dec. 23 to track down systems vulnerable to Log4j and apply patches or mitigations.
New guidance from the White House requires CISA to develop policies for federal agencies to move toward automated security incident reporting.
CISA and the FBI are warning that APT groups are exploiting a critical flaw (CVE-2021-44077) in the ManageEngine ServiceDesk Plus tool.
An APT group is using a suite of tools, including KdcSponge, Godzilla, and NGLite, to exploit a known ManageEngine flaw and move laterally.
CISA warned that an unnamed APT group associated with the Iranian government i exploiting known Fortinet and the Exchange ProxyShell bug to gain access to target networks.