Security Bulletin

Today, CISA—in partnership with the Defense Advanced Research Projects Agency (DARPA), the Office of the Under Secretary of Defense for Research and Engineering (OUSD R&E), and the National Security Agency (NSA)—published Closing the Software...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Alpha5 SMART Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 4.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: FOX61x Products Vulnerability: Relative Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability...

Seven system recovery programs contained what amounted to a backdoor for injecting any untrusted file into the system startup process.

[This is a Guest Diary by Curtis Dibble, an ISC intern as part of the SANS.edu BACS [1] program]

The critical and high severity flaws were discovered by Google Cloud researchers.

The Joint Cyber Defense Collaborative playbook seeks to establish a "a unified approach" on how to handle AI-related cybersecurity threats.

Four people have plead guilty to offering and accepting bribes to government officials in exchange for IT service contracts

It's an especially brazen form of malvertising, researchers say, striking at the heart of Google's business; the tech giant says it's aware of the issue and is working quickly to address the problem.

Security pros say the link Secureworks made to a decade-old DPRK crowdfunding campaign are credible.