Skip to main content

Security Bulletin

17 Dec 2024
Biztonsági szemle

CISA Issues BOD 25-01, Implementing Secure Practices for Cloud Services

Today, CISA issued Binding Operational Directive (BOD) 25-01, Implementing Secure Practices for Cloud Services to safeguard federal information and information systems. This Directive requires federal civilian agencies to identify specific cloud...
cisa.gov
Read more
17 Dec 2024
Biztonsági szemle

CISA and ONCD Release Playbook for Strengthening Cybersecurity in Federal Grant Programs for Critical Infrastructure

Today, CISA and the Office of the National Cyber Director (ONCD) published Playbook for Strengthening Cybersecurity in Federal Grant Programs for Critical Infrastructure to assist grant-making agencies to incorporate cybersecurity into their grant...
cisa.gov
Read more
17 Dec 2024
Biztonsági szemle

Hitachi Energy TropOS Devices Series 1400/2400/6400

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: TropOS Devices Series 1400/2400/6400 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful...
cisa.gov
Read more
17 Dec 2024
Biztonsági szemle

ThreatQuotient ThreatQ Platform

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: ThreatQuotient Inc. Equipment: ThreatQ Platform Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability...
cisa.gov
Read more
17 Dec 2024
Biztonsági szemle

Schneider Electric Modicon

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M241 / M251 / M258 / LMC058 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful...
cisa.gov
Read more
17 Dec 2024
Biztonsági szemle

CISA Releases Five Industrial Control Systems Advisories

CISA released five Industrial Control Systems (ICS) advisories on December 17, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-352-01 ThreatQuotient ThreatQ...
cisa.gov
Read more
17 Dec 2024
Biztonsági szemle

Rockwell Automation PowerMonitor 1000 Remote

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: PowerMonitor 1000 Remote Vulnerabilities: Unprotected Alternate Channel, Heap-based Buffer Overflow, Classic...
cisa.gov
Read more
17 Dec 2024
Biztonsági szemle

CISA Directs Federal Agencies to Secure Cloud Environments

cisa.gov
Read more
17 Dec 2024
Biztonsági szemle

CISA and ONCD Publish Guide to Strengthen Cybersecurity of Grant-Funded Infrastructure Projects

cisa.gov
Read more
Generative AI
17 Dec 2024
Biztonsági szemle

A blueprint for responsible and secure GenAI deployment

GenAI promises many benefits, but only if we do it in a responsible and secure way.
scmagazine.com
Read more
17 Dec 2024
Biztonsági szemle

Python Delivering AnyDesk Client as RAT, (Tue, Dec 17th)

RATs or “Remote Access Tools” are very popular these days. From an attacker&#x27s point of view, it&#x27s a great way to search and exfiltrate interesting data but also to pivot internally in the network. Besides malicious RATs, they are legit...
isc.sans.edu
Read more
17 Dec 2024
Biztonsági szemle

ISC Stormcast For Tuesday, December 17th, 2024 https://isc.sans.edu/podcastdetail/9258, (Tue, Dec 17th)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
isc.sans.edu
Read more
Language
Audience