Security Bulletin

CISA released seven Industrial Control Systems (ICS) advisories on October 17, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-291-01 Elvaco M-Bus Metering...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Elvaco Equipment: M-Bus Metering Gateway CMe3100 Vulnerabilities: Missing Authentication for Critical Function, Unrestricted Upload of File with...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: HMS Networks Equipment: EWON FLEXY 202 Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this...

Oracle released its quarterly Critical Patch Update Advisory for October 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME Equipment: LAquis SCADA Vulnerability: Cross-site Scripting 2. RISK EVALUATION...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Kieback&Peter Equipment: DDC4000 Series Vulnerabilities: Path Traversal, Insufficiently Protected Credentials, Use of Weak Credentials 2. RISK...

Attackers do the most damage exploiting weak passwords and companies that don’t deploy MFA – so start with the cyber basics and apply new technologies as needed.

A MOIS-aligned threat group has been using Microsoft Exchange servers to exfiltrate sensitive data from Gulf-state government agencies.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

I noticed in my logs 2 weeks ago regular probe from a subnet in the Amazone cloud only scanning for TCP/8080 capture by the iptables of my DShield sensor. The scanning started on the 15 Aug - 4 Oct 2024 where the sensor recorded 1046 individual IPs...

But the time when quantum computers pose a tangible threat to modern encryption is likely still several years away.

Okta is pitching new features to address what it sees as critical security holes in the way SaaS and cloud vendors interact.