Biztonsági szemle

The SEC alleges SolarWinds and CISO Tim Brown defrauded investors by not disclosing security risks ahead of the 2020 Orion Sunburst attacks.

It has been a while that I did not find an interesting malicious Python script. All the scripts that I recently spotted were always the same: a classic intostealer using Discord as C2 channel. Today I found one that contains a...

Cyber adversaries are scanning public GitHub repositories in real-time, evading Amazon quarantine controls, and harvesting AWS keys.

Microsoft's longstanding practice isn't enough to handle its vulnerability problem.

$2.5 billion dollars worth of fines have been levied against financial institutions due to employees using unauthorized communication channels and not recording these communications. What can be done to try and prevent this from happening.

Learn how to take threat intelligence data available in Cisco Vulnerability Management and use it to uncover trends in Cisco Secure Firewall, uncovering new insights.

Mira M. discusses the culmination of a Cisco Marketing Internship: Readout Week and her other #LoveWhereYouWork moments from Intern Week in San Jose.

Despite the growing demand for AI transparency, 10 of the better-known models did not score very highly on Stanford's new Foundation Model Transparency Index.

CISA released three Industrial Control Systems (ICS) advisories on October 31, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-304-02 INEA ME RTU ICSA-23-304-03...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: INEA Equipment: ME RTU Vulnerabilities: OS Command Injection, Improper Authentication 2. RISK EVALUATION Successful exploitation of these...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Zavio Equipment: IP Camera Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer, OS Command Injection 2. RISK...

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-46747 F5 BIG-IP Authentication Bypass Vulnerability CVE-2023-46748 F5 BIG-IP SQL Injection Vulnerability These...