Security Bulletin

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: MicroDicom Equipment: DICOM Viewer Vulnerabilities: Heap-based Buffer Overflow, Out-of-Bounds Write 2. RISK EVALUATION Successful exploitation of these...

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-29360 Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability These types of vulnerabilities are...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-B Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...

Malware campaign selectively targets users in Mexico through geofencing in addition to using advanced obfuscation methods.

A newcomer in the ransomware scene, has allegedly attacked Epic Games.

GitHub is having difficulty stopping an ongoing attack impacting millions of code repositories.

A successor to the "Golden SAML" tactic used in the SolarWinds campaign, this new technique taps SAML response forgery to gain illegitimate access to apps and services.

This Social Impact Partner series blog features Cisco’s partnership with Astia and Kiva, in honor of the incredible work these organizations are doing to advance investment opportunities to Black, Indigenous, and People of Color-owned businesses in...

Faye, a veteran at Microsoft for 22 years, has had a career as varied as it is long. Her journey began in 2002 as the first desktop security Project Manager (PM) in Microsoft IT. From there, she transitioned into owning a deployment team that...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

[This is a Guest Diary by John Moutos, an ISC intern as part of the SANS.edu Bachelor's Degree in Applied Cybersecurity (BACS) program [1].

The White House Office of the National Cyber Director puts software developers on notice, calling for a move to memory-safe programming languages and the development of security metrics.