Security Bulletin

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-20767 Adobe ColdFusion Improper Access Control Vulnerability CVE-2024-35250 Microsoft Windows Kernel-Mode Driver...

Mid-market enterprises need strong defenses. This Cybersecurity Best Practices Toolkit features cheat sheets and tabletop exercises to help organization stay ahead of threats.

SMBs face a growing cybersecurity crisis, exacerbated by a severe shortage of skilled professionals. A global survey commissioned by Sophos highlights the pressing nature of the challenge.

A thwarted attack demonstrates that threat actors using yet another delivery method for the malware, which already has been spread using phishing emails, malvertising, hijacking of instant messages, and SEO poisoning.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Last week, Apache announced a vulnerability in Struts2 [1]. The path traversal vulnerability scored 9.5 on the CVSS scale. If exploited, the vulnerability allows file uploads into otherwise restricted directories, which may lead to remote code...

An attacker with local access can grab admin credentials from active memory prior to deletion.

Immediate blocking of IP addresses leveraging the issue has also been recommended by Cleo.

Infiltration of Byte Federal's systems exposed individuals' full names, birthdates, physical addresses, email addresses, phone numbers, Social Security numbers, government-issued IDs, photos, and transaction activity, according to the firm's data...

Aside from disrupting servers through a deluge of requests to "debug/pprof/heap" and other endpoints, attackers could also exploit Prometheus' "metrics" endpoint to obtain information from internal API endpoints, Docker registries, subdomains, and...

Attacks with Pumakit commence with the deployment of the cron dropper, which executes the '/memfd:tgt' and '/memfd:wpn' payloads, with the former eventually launching the 'puma.ko' LKM rootkit module that loads only after ensuring secure boot status...