Security Bulletin

Build a practical working relationship between humans beings and AI by taking these four steps.

Today, CISA—through the Joint Cyber Defense Collaborative and in coordination with the Office of the National Cyber Director (ONCD)—released the National Cyber Incident Response Plan Update Public Comment Draft. The draft requests public comment on...

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-20767 Adobe ColdFusion Improper Access Control Vulnerability CVE-2024-35250 Microsoft Windows Kernel-Mode Driver...

Mid-market enterprises need strong defenses. This Cybersecurity Best Practices Toolkit features cheat sheets and tabletop exercises to help organization stay ahead of threats.

SMBs face a growing cybersecurity crisis, exacerbated by a severe shortage of skilled professionals. A global survey commissioned by Sophos highlights the pressing nature of the challenge.

A thwarted attack demonstrates that threat actors using yet another delivery method for the malware, which already has been spread using phishing emails, malvertising, hijacking of instant messages, and SEO poisoning.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Last week, Apache announced a vulnerability in Struts2 [1]. The path traversal vulnerability scored 9.5 on the CVSS scale. If exploited, the vulnerability allows file uploads into otherwise restricted directories, which may lead to remote code...

An attacker with local access can grab admin credentials from active memory prior to deletion.

Immediate blocking of IP addresses leveraging the issue has also been recommended by Cleo.

Infiltration of Byte Federal's systems exposed individuals' full names, birthdates, physical addresses, email addresses, phone numbers, Social Security numbers, government-issued IDs, photos, and transaction activity, according to the firm's data...