Security Bulletin

Cybercriminals are increasingly using AI tools to launch successful attacks, but defenders are battling back.

No good deed goes unpunished, as a national push to combat SIM fraud has introduced new logistical and privacy issues for ordinary citizens.

Building out our security cloud vision, Cisco announces its intent to acquire Isovalent. Together we will create a unique multicloud security and networking capability to help customers accelerate their digital transformation.

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor: QNAP Equipment: VioStor NVR Vulnerability: OS Command Injection 2. RISK EVALUATION...

CISA released two Industrial Control Systems (ICS) advisories on December 21, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-355-01 FXC AE1021/AE1021PE ICSA-23...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor: FXC Equipment: AE1021, AE1021PE Vulnerability: OS Command Injection 2. RISK EVALUATION...

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-49897 FXC AE1021, AE1021PE OS Command Injection Vulnerability CVE-2023-47565 QNAP VioStor NVR OS Command...

CISA has published the finalized Microsoft 365 Secure Configuration Baselines, designed to bolster the security and resilience of organizations’ Microsoft 365 (M365) cloud services. This guidance release is accompanied by the updated SCuBAGear tool...

The U.S. has to prepare itself for inevitable cyberattacks on critical infrastructure that seek to inflict both psychological and physical damage.

[This is a Guest Diary by David Thomson, an ISC intern as part of the SANS.edu BACS program]

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Instruction set architecture extensions are moving the cybersecurity fight from the software to the hardware layer.