Security Bulletin

The State Department can now deny entrance to the US for individuals accused of profiting from spyware-related human rights abuses, and their immediate family members.

The infamous Russian threat actor has created a custom tool called GooseEgg to exploit CVE-2022-38028 in cyber-espionage attacks against targets in Ukraine, Western Europe, and North America.

Like many similar frameworks and languages, Struts 2 has a "developer mode" (devmode) offering additional features to aid debugging. Error messages will be more verbose, and the devmode includes an OGNL console. OGNL, the Object-Graph Navigation...

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2022-38028 Microsoft Windows Print Spooler Privilege Escalation Vulnerability These types of vulnerabilities are...

CISA released two Industrial Control Systems (ICS) advisories on April 23, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-051-03 Mitsubishi Electric Electrical...

State-sponsored groups are targeting critical vulnerabilities in virtual private network (VPN) gateways, firewall appliances, and other edge devices to make life difficult for incident responders, who rarely have visibility into the devices.

Security pros must always remember that we are custodians of the digital realm and it’s our job to keep people safe.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Malaysia, Singapore, and Ghana are among the first countries to pass laws that require cybersecurity firms — and in some cases, individual consultants — to obtain licenses to do business, but concerns remain.

Cisco Defense Orchestrator (CDO) provides a powerful REST API to automate and simplify security management tasks. Learn how to get started, and about integrations with Ansible and Terraform.

The threat actor is deploying multiple connections into victim environments to maintain persistence and steal data.

Solutions exist that let organizations adjust the volume of data being processed by their SIEM system.