shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.

#cisa

Replied to AAKL

@AAKL huh okay. Criticality or severity isn't really part of the KEV process at #CISA, though. And I'd argue that "has been actually observed as nonconsensually exploited" is still a pretty good indicator of "dang you better fix this now."

Continued thread

A week after that #hack, the #CISA recommended that users "discontinue use of the product" barring any mitigating instructions about how to use the app from #Smarsh.

Jake Williams, a fmr #NationalSecurity Agency #cyber specialist, said that, even if the intercepted text messages were innocuous, the wealth of #metadata - the who & when of the #leaked conversations & chat groups - posed a #counterintelligence risk.

📢 A coalition of 52 industry organizations is urging Congress to reauthorize CISA before it’s too late 🛡️📅

📝 The joint letter includes voices from critical sectors — energy, telecom, finance, healthcare, transportation, retail, and tech
📉 Without immediate reauthorization, programs supporting vulnerability coordination, incident response, and threat sharing will stall out.
⚠️ The current authorization expires September 30 😱
🏛️ The call: long-term, stable support for the U.S. government’s lead civilian cyber agency

When 52 business and infrastructure groups align on cyber policy, that’s not noise — it’s a warning flare.

#CyberSecurity #CISA #ThreatIntel #CyberPolicy #PublicPrivatePartnership #security #privacy #cloud #infosec
ciodive.com/news/cisa-reauthor

CIO Dive · Congress faces pressure to renew cyber information-sharing law · By Eric Geller

#CISA #cybersecurity #Twitter #RSS #YTho

'The US government's Cybersecurity and Infrastructure Security Agency (CISA) announced Monday that going forward, only urgent alerts tied to emerging threats or major cyber activity will appear on its website. Routine updates, guidance, and other notifications will instead be shared via email, RSS, and X.'

theregister.com/2025/05/12/cis

The Register · CISA mutes own website, shifts routine cyber alerts to Musk’s X, RSS, email · By Iain Thomson

If you missed this, CISA is now backtracking on recent changes to the way it delivers cybersecurity alerts and advisories.

"We recognize this has caused some confusion in the cyber community. As such, we have paused immediate changes while we re-assess the best approach to sharing with our stakeholders."

CISA: Update to How CISA Shares Cyber-Related Alerts and Notifications cisa.gov/news-events/alerts/20 #CISA #cybersecurity #infosec

Cybersecurity and Infrastructure Security Agency CISA · Update to How CISA Shares Cyber-Related Alerts and Notifications | CISA · CISA is changing how we announce cybersecurity updates and the release of new guidance.

As #US #vulnerability-tracking falters, #EU enters with its own #security bug database
The European Vulnerability Database (#EUVD) is now fully operational, offering a streamlined platform to monitor critical and actively exploited security flaws amid the US struggles with budget cuts, delayed disclosures, and confusion around the future of its own tracking systems. The EUVD is similar to the US government's National Vulnerability Database (#NVD).
theregister.com/2025/05/13/eu_ #CISA

The Register · As US vuln-tracking falters, EU enters with its own security bug database · By Jessica Lyons

#arstechnica:
"DOGE software engineer’s computer infected by info-stealing malware"
"The presence of credentials in leaked "stealer logs" indicates his device was infected."
"A steady stream of published credentials"

arstechnica.com/security/2025/

8.5.2025

Ars Technica · DOGE software engineer’s computer infected by info-stealing malware · By Dan Goodin

CISA's initial email announcement reducing public-facing security products preserved RSS feeds. But the website language has been updated to drop RSS as a remaining source.

The stated reasoning ("CISA wants this critical information to get the attention it deserves and ensure it is easier to find") is ... specious at best.

Even if we stipulate that keeping the general website less noisy is a net win, they could just ... provide a different web page? And it would be trivial to also create a separate RSS feed just for the vulnerability announcements. The automation is clearly already there and would be relatively easy to modify.

The actual reasoning is different from the stated reasoning, and is left as an exercise for the reader.

Edit: Jerry is setting up an email-to-Mastodon shim here!

infosec.exchange/@cisareflector

... which can then be followed as an RSS feed:

infosec.exchange/@cisareflecto