Security Bulletin

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens' ProductCERT...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens' ProductCERT...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens' ProductCERT...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens' ProductCERT...

Apple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the...

CISA released ten Industrial Control Systems (ICS) advisories on December 12, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-347-01 Siemens CPCI85 Central...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Attackers using U.S., Canadian, Moldovan, Lithuanian, and Dutch IP addresses targeted vulnerable Cleo LexiCom, Harmony, and VLTrader instances to facilitate the writing of new files into the targeted endpoints' autorun directory, triggering the...

The feature was rarely effective at blocking tracking and is succeeded by the Global Privacy Control, according to Mozilla.

The US State Department has offered a $10 million reward for Guan Tianfeng, who has been accused of developing and testing a critical SQL injection flaw with a CVSS score of 9.8 used in Sophos attacks.

Threat actors punch holes in the company's online ordering systems, tripping up doughnut deliveries across the US after a late November breach.

Oasis researchers say they reported the bug in June – and Microsoft patched it in October.