Biztonsági szemle

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: Productivity PLCs Vulnerabilities: Buffer Access with Incorrect Length Value, Out-of-bounds Write, Stack-based Buffer...

CISA released one Industrial Control Systems (ICS) advisory on May 23, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-144-01 AutomationDirect Productivity PLCs...

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2020-17519 Apache Flink Improper Access Control Vulnerability These types of vulnerabilities are frequent attack...

Most everyone uses email and critical infrastructure sectors are high-profit industries that deploy legacy technology easy to exploit, so attackers take advantage of the easy access via email to make hefty profits.

One of China's biggest espionage operations owes its success to longstanding Microsoft Exchange bugs, open source tools, and old malware.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

[This is a Guest Diary by Robert Riley, an ISC intern as part of the SANS.edu BACS program]

Learn about changes impacting developers with Android 14 application migration, and challenges we encountered during the migration and testing of the Meraki Systems Manager application.

A CISO job description is a moving target in 2024 as these security leaders face new twists on employment challenges, a 'hostile' regulatory climate and a bevy of new internal and external digital threats.

For incident responders, a variety of techniques for information retrieval from locked-up VMs.

Learn more about the role of resilient ecosystems and how it can help humans and nature navigate a changing climate.