Security Bulletin

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Contec Health Equipment: CMS8000 Patient Monitor Vulnerabilities: Out-of-bounds Write, Hidden Functionality (Backdoor), Privacy Leakage 2. RISK...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Harmony Industrial PC, Pro-face Industrial PC Vulnerability: Exposure of Sensitive Information to an Unauthorized...

Amateurish financial scams are common across Africa, and Namibia's influential former first lady, Monica Geingos, has emerged as a particularly effective host body for these messages.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The UK’s cybersecurity regulator has pitched a plan that would see the elimination of vulnerability ratings.

Group-IB researchers uncovered a structured affiliate workflow and “all-in-one” RaaS with multiple encryption modes.

When it comes to cyber threats, protection is better than response.

While Microsoft has boosted the security of Windows Print Spooler in the three years since the disclosure of the PrintNightmare vulnerability, the service remains a spooky threat that organizations cannot afford to ignore.

The threat actor is using a sophisticated network of VPNs and proxies to centrally manage command-and-control servers from Pyongyang.

VulnCheck initially disclosed the critical command-injection vulnerability (CVE-2024-40891) six months ago, but Zyxel has yet to mention its existence or offer users a patch to mitigate threats.

Yet another spinoff of the infamous DDoS botnet is exploiting a known vulnerability in active attacks, while its threat actors are promoting it on Telegram for other attackers to use as well, in a DDoS-as-a-service model.