Security Bulletin

More than 320 organizations in various sectors around the world, most of which are in Latin America, have been subjected to the new SteganoAmor attack campaign by the TA558 hacking operation that involved the use of steganography to enable the...

Explore the synergy of Cisco's Duo Security & Identity Intelligence, bolstering cyber defense with advanced threat detection & response capabilities

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix 5580, GuardLogix 5580, CompactLogix 5380, 1756-EN4TR Vulnerability: Improper Input Validation 2. RISK...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.8 ATTENTION: Low attack complexity Vendor: Measuresoft Equipment: ScadaPro Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 3.3 ATTENTION: Low attack complexity Vendor: RoboDK Equipment: RoboDK Vulnerability: Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Electrolink Equipment: FM/DAB/TV Transmitter Vulnerabilities: Authentication Bypass by Assumed-Immutable Data...

CISA released four Industrial Control Systems (ICS) advisories on April 16, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-107-01 Measuresoft ScadaPro ICSA-24...

Five ways companies can move from SBOMs to SaaSBOMs to more effectively secure SaaS applications.

Package updates/upgrades by maintainers on the Linux platforms are always appreciated, as these updates are intended to offer new features/bug fixes. However, in rare circumstances, there is a need to downgrade the packages to a prior version due to...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

This is a quick update to our initial diary from this weekend [ CVE-2024-3400].

The “Crescendo” attack uses a chain of seemingly benign prompts to achieve an adverse output.