Security Bulletin

We’re excited to bring together forward-thinkers from retail, financial services, hospitality, and sports, media, and entertainment from June 2-6 in Las Vegas. Engage with visionaries, discover innovative solutions and gain insights that will drive...

Attacks leveraging Microsoft Exchange Server vulnerabilities to facilitate keylogger malware deployment have been launched against more than 30 government, financial, education, and IT organizations in Africa and the Middle East since 2021, reports...

National Cyber Director Harry Coker noted that the U.S. has intensified defending its critical infrastructure amid mounting cyber threats posed by Chinese state-sponsored threat operations, including Volt Typhoon, CyberScoop reports.

Burnout has been an oft-reported problem among security professionals for years. Are there any new ideas for supporting mental health in the industry?

See how Cisco is leveraging Cisco Defense Orchestrator, Multicloud Defense, and Secure Firewall to securely connect apps from site to cloud and between clouds.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: Productivity PLCs Vulnerabilities: Buffer Access with Incorrect Length Value, Out-of-bounds Write, Stack-based Buffer...

CISA released one Industrial Control Systems (ICS) advisory on May 23, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-144-01 AutomationDirect Productivity PLCs...

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2020-17519 Apache Flink Improper Access Control Vulnerability These types of vulnerabilities are frequent attack...

Most everyone uses email and critical infrastructure sectors are high-profit industries that deploy legacy technology easy to exploit, so attackers take advantage of the easy access via email to make hefty profits.

One of China's biggest espionage operations owes its success to longstanding Microsoft Exchange bugs, open source tools, and old malware.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

[This is a Guest Diary by Robert Riley, an ISC intern as part of the SANS.edu BACS program]