Security Bulletin

Infiltrating other nations' telecom networks is a cornerstone of China's geopolitical strategy, and it's having the unintended consequence of driving the uptake of encrypted communications.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

[This is a Guest Diary by Jean-Luc Hurier, an ISC intern as part of the SANS.edu BACS program]

Sectors like water and energy face disproportional risks due to their unique role and IT/OT environments.

As part of the commitment to CISA's Secure by Design pledge, Snowflake will begin blocking sign-ins using single-factor authentication next year.

Sixteen critical flaws and 54 bugs designated as important priorities fixed for Windows, Office and Edge.

FCC Chairwoman Jessica Rosenworcel recommended "urgent action" to safeguard the nation's communications systems from real and present cybersecurity threats.

The zero-day (CVE-2024-49138), plus a worryingly critical unauthenticated RCE security vulnerability (CVE-2024-49112), are unwanted gifts for security admins this season.

Such a flaw, which could be exploited without authentication, stems from a command injection issue in Imagebuilder that enables arbitrary command injections in the build process and truncated SHA-256 hash collisions that allow reduced entropy that...

Citrine Sleet's intrusion against Radiant Capital commenced in September with the spoofing of a former contractor on Telegram to lure a Radiant developer into downloading a ZIP file featuring a decoy PDF file and the InletDrift macOS malware, which...

"...[A]ny disruptions in interaction with our consumers are the result of protective measures for internal infrastructure. These measures are temporary and are designed to ensure the security of the entire system," said Electrica Group.

Infiltration of a single user's email in a phishing attack between May 8 and May 9 allowed threat actors to compromise individuals' names, addresses, Social Security numbers, contact information, financial account details, health information...