Security Bulletin

Included among the files in the unsecured 193 GB database were information regarding fuel and petroleum shipments, invoices, and delivery tickets to and from companies, pipelines, and industries across several states, including California, Colorado...

Automated API exploitation, which comprised 30% of all API attacks, was two to three times higher among organizations with revenues exceeding $1 billion, with the elevated likelihood of abuse attributed to the presence of more exposed or insecure...

No Dr. Web customers have been compromised due to the incident, noted the company, which also disclosed the resumption of virus database updates on Tuesday,

There has been no evidence that individuals with the Biden campaign responded to the unsolicited emails, according to the agencies, which noted that U.S. media organizations have also been provided with Trump campaign-related information by the...

Cisco’s vision for the future of Europe’s digital infrastructures.

Investigation into Vanir ransomware's members since June has resulted in the identification of the server of a site within the group's TOR network last month and the subsequent blocking of the web page, disclosed officials in the city of Karlsruhe...

Vanilla Tempest leveraged initial network access secured from Storm-0494's Gootloader malware attacks to distribute Supper malware and AnyDesk remote monitoring and MEGA data synchronization tools before proceeding with lateral movement and the...

After establishing trust with targets via spear-phishing emails purporting to be job openings for senior-/manager-level employees in high-profile companies, UNC2970 proceeded to deliver a malicious ZIP file masquerading as a job description, an...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: IDEC Corporation Equipment: WindLDR, WindO/I-NV4 Vulnerability: Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of this...

CISA released six Industrial Control Systems (ICS) advisories on September 19, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-263-01 Rockwell Automation RSLogix...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION: Exploitable locally/high attack complexity Vendor: Rockwell Automation Equipment: RSLogix 5 and RSLogix 500 Vulnerability: Insufficient verification of data authenticity 2. RISK EVALUATION...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: MegaSys Computer Technologies Equipment: Telenium Online Web Application Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful...