Security Bulletin

Additional information has been scant but the intrusion, which comes amid growing Slovakia-Ukraine hostility, was found to be strongly linked to Ukraine, according to Takac, who noted the use of backups to recover impacted systems while reassuring...

Numerous Italian organizations had their websites disrupted in distributed denial-of-service attacks launched by pro-Russian hacktivist operation NoName057(16) over the weekend in retaliation to Italy's continued support to Ukraine.

Attacks by RedDelta commence with spear-phishing emails using Mongolian flood protection, Taiwanese presidential candidate Terry Gou, and an Association of Southeast Asian Nations meeting as lures that contain malicious MSI, MSC, and LNK files to...

Today, CISA—along with U.S. and international partners—released joint guidance Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products. As part of CISA’s Secure by Demand series, this...

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-12686 BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability CVE...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

VBA macros and embedded files/objects are stored as OLE files inside OOXML files.

Wireshark release 4.4.3 fixes 0 vulnerabilities and 8 bugs.

New year, same story. Despite Ivanti's commitment to secure-by-design principles, Chinese threat actors are exploiting its edge devices for the nth time.

New year, same story. Despite Ivanti's commitment to secure-by-design principles, threat actors — possibly the same ones as before — are exploiting its edge devices for the nth time.

The group claimed 85 victims in December but shows signs of inexperience.