Security Bulletin

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Santesoft Equipment: Sante DICOM Viewer Pro Vulnerability: Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker...

CISA released two Industrial Control Systems (ICS) advisories on February 27, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-058-01 Mitsubishi Electric Multiple...

Today, CISA, the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) released an update to the joint advisory #StopRansomware: ALPHV Blackcat to provide new indicators of compromise (IOCs) and tactics...

Cyber threat intelligence demands smart planning and support from key stakeholders. Here are the top priorities, according to IT security professionals.

Starting today, we are doubling the maximum bounty award for the Microsoft 365 Insider Bug Bounty Program to $30,000 USD for high impact scenarios, such as unauthenticated non-sandboxed code execution with no user interaction. We are also expanding...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The Los Angeles International Airport had a database containing 2.5 million records exposed by IntelBroker following a cyberattack against one of its customer relationship management systems conducted this month, reports Hackread.

Nearly 67K impacted by U-Haul data breach Leading U.S. moving truck, trailer, and self-storage rental firm U-Haul had data from almost 67,000 customers in the U.S. and Canada exfiltrated following a cyberattack against one of its systems in early...

BleepingComputer reports that Sony-owned video game developer Insomniac Games has disclosed that data from its current and former employees and independent contractors have been exfiltrated and exposed by the Rhysida ransomware operation following an...

Malicious updates have been recently issued to the Python Package Index package "django-log-tracker," which was last modified in April 2022, to facilitate the distribution of the Nova Sentinel information-stealing malware, The Hacker News reports.

Axie Infinity co-founder Jeff "Jihoz" Zirlin had nearly $9.7 million worth of ethereum exfiltrated in a cryptocurrency heist targeted at two of his wallets, according to The Record, a news site by cybersecurity firm Recorded Future. "The attack is...

AT&T emphasized that the widespread cell network outage on Feb. 22 that has since been resolved was caused by a coding error and not a cybersecurity incident, The Associated Press reports.