Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
c.im is one of the many independent Mastodon servers you can use to participate in the fediverse.
C.IM is a general, mainly English-speaking Mastodon instance.

Administered by:

Server stats:

2.9K
active users

c.im: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.6

#CISA

16 posts13 participants0 posts today
Public
AAKL

New: CISA has updated the KEV catalogue.

- CVE-2025-2783: Google Chromium Mojo Sandbox Escape Vulnerability cve.org/CVERecord?id=CVE-2025-

- Added yesterday:

- CVE-2019-9874: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability cve.org/CVERecord?id=CVE-2019-

- CVE-2019-9875: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability cve.org/CVERecord?id=CVE-2019- #CISA #cybersecurity #infosec #Google

Public *
Claudius Link

I'm looking for a #Tabletop #Cybersecurity incident exercise.
Idealy a sufficiently detailed scenario, similare to a (Solo) Adventure RPG Gamebook.

Any hints?

The #CISA Cybersecurity Scenarios cisa.gov/resources-tools/resou are going into this direction but contain too little details for me. I just have too little #Incident handling experience to create a coherent exercise which is addapted to participant actions.

Cybersecurity and Infrastructure Security Agency CISACybersecurity Scenarios | CISACybersecurity Scenarios These CTEPs include cybersecurity-based scenarios that incorporate various cyber threat vectors including ransomware, insider threats, phishing, and Industrial Control System (ICS) compromise. There are also sector-specific cybersecurity scenarios for elec
#FediPower
Public
☮ ♥🧑‍💻

“The upheaval at the #US government's #Cybersecurity and Infrastructure Security Agency, aka CISA, took another twist on Tuesday, as it moved to reinstate staffers it had #fired over the past few weeks - specifically those still in their probationary period - though they've been benched on paid leave for now.

Last week, a senior penetration tester at CISA claimed his 100-plus-strong #RedTeam as well as its support workers were dismissed after Elon #Musk's Trump-blessed cost-trimming #DOGE unit pulled the plug on a federal government contract; a second #CISA red team was also said to have been cut soon after.

The cyber-agency quickly confirmed it had indeed dumped a number of workers, and said its remaining red teams will continue to operate as usual.”

The sacking of #tech workers continues.

#TheRegister / #efficiency / #WhiteCollar / #sackings <theregister.com/2025/03/18/cis>

The Register · CISA fires, now rehires and immediately benches security crew on full payBy Iain Thomson
Public
Darren

just wow. that’s a proper security security vulnerability! None of this messy packing bytes into some arrangement that’s probably processor specific. just ask politely to skip all the middle layer with the authentication in it and go straight to the api call. I’m sure #CISA are all over it. infosec.exchange/@hdm/11420944

Infosec ExchangeHD Moore (@hdm@infosec.exchange)Next.js dropped a CVSS 9.1 authentication bypass vulnerability (CVE-2025-29927) over the weekend. This flaw is trivially exploitable by sending the header `x-middleware-subrequest: true` and causes the request to skip all middleware processing, including any authentication steps. Shodan reports over 300,000 services with the `X-Powered-By: Next.js` header alone. You can find links to the advisory and queries for runZero at: https://www.runzero.com/blog/next-js/
Continued thread
Public
Zhi Zhu 🕸️

DOGE to Fired CISA Staff: Email Us Your Personal Data
krebsonsecurity.com/2025/03/do

"The message instructed recently-fired #CISA employees to get in touch so they can be rehired and then immediately placed on leave, asking employees to send their #SocialSecurity number or date of birth in a password-protected email attachment — presumably with the #password needed to view the file included in the body of the email."

Headline and text from article: DOGE to Fired CISA Staff: Email Us Your Personal Data March 19, 2025 A message posted on Monday to the homepage of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is the latest exhibit in the Trump administration’s continued disregard for basic cybersecurity protections. The message instructed recently-fired CISA employees to get in touch so they can be rehired and then immediately placed on leave, asking employees to send their Social Security number or date of birth in a password-protected email attachment — presumably with the password needed to view the file included in the body of the email.
#ElonMusk#Musk#Doge
Replied in thread
Public
Ferdi Magellan

@mwyres bloody Nora. President Musk is a disaster.

“On Monday, the administration announced that those dismissed employees would be reinstated but placed on paid administrative leave…

‘“Please provide a password protected attachment that provides your full name, your dates of employment (including date of termination), and one other identifying factor such as date of birth or social security number,” the message reads. “Please, to the extent that it is available, attach any termination notice.”’

#USPol#CISA#TurdReich
Continued thread
Public
Nonilex

That mission is now under threat, acc/to interviews with 7 #CISA employees & another person familiar w/the matter, all of whom requested anonymity to avoid reprisals.

“Our enemies are not slowing their continuous assaults on our systems,” says Suzanne Spaulding, who led CISA’s predecessor during the Obama admin. “We need all hands on deck & focused, not traumatized & distracted.”

#InfoSec#CyberSecurity#NationalSecurity
Continued thread
Public
Nonilex

Inside #CISA, vital support staff are gone, international partnerships have been strained, & workers are afraid to discuss #threats to #democracy that they’re now PROHIBITED from countering. Employees are even more overworked than usual, & new assignments from the admin are interfering w/important tasks. Meanwhile, CISA’s temporary leader is doing everything she can to appease #Trump, infuriating employees who say she’s out of touch & refusing to protect them.

#InfoSec#NationalSecurity#Musk
Public
Nonilex

‘People Are Scared’: Inside #CISA as It Reels From #TrumpPurge
Employees at the #Cybersecurity & #Infrastructure #Security Agency…are struggling to protect the #US while the #Trump admin dismisses their colleagues & poisons…partnerships.
#MassLayoffs & weak leadership are taking a severe toll on the US govt’s #cyber #defense agency, undermining its ability to protect America from…adversaries bent on crippling infrastructure & #ransomware gangs…bleeding #SmallBusiness dry.
archive.is/2025.03.13-143433/h

ExploreLive feeds
About