Security Bulletin

Attacks aimed at the education sector resulted in the compromise of 1.8 million records, with organizations sought to pay $847,000 in ransoms on average, a report from Comparitech revealed.

Included in the leaked files were individuals' IDs, passports, driver's licenses, voter IDs, and selfies, according to Cybernews researchers.

Threat actors who infiltrated BayMark's systems from Sep. 24 to Oct. 14 were able to steal individuals' names, birthdates, Social Security numbers, driver's license numbers, insurance details, received services, service dates, and treatment and...

Investigation into the cause of the incident and efforts to restore impacted systems are still underway, said officials in a Dec. 30 announcement emphasizing that the cyberattack had not affected the city's emergency response services.

Today, CISA released the Cybersecurity Performance Goals Adoption Report to highlight how adoption of Cybersecurity Performance Goals (CPGs) benefits our nation’s critical infrastructure sectors. Originally released in October 2022, CISA’s CPGs are...

CISA released four Industrial Control Systems (ICS) advisories on January 10, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-010-01 Schneider Electric PowerChute...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Harmony HMI and Pro-face HMI Products Vulnerability: Use of Unmaintained Third-Party Components 2. RISK EVALUATION...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DRASimuCAD Vulnerabilities: Out-of-bounds Write, Type Confusion 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: PowerChute Serial Shutdown Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of...

A 2025. 2. hetére vonatkozó hírválogatás, amely az NBSZ NKI által 2024.12.20. és 2025.01.09. között kezelt incidensek statisztikai adatait is tartalmazza.

Since 2019, MirrorFace has been stealing information from myriad Japanese organizations to gain leverage over Japan in the event of hostilities between the two countries, experts said.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.