Security Bulletin

CISA released two Industrial Control Systems (ICS) advisories on February 8, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-039-01 Qolsys IQ Panel 4, IQ4 HUB...

Cisco released a security advisory to address vulnerabilities affecting Cisco Expressway Series. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review...

Today, CISA partnered with the Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group to publish the Principles for Package Repository Security framework. Recognizing the critical role package repositories play in...

External cybersecurity solutions provider ZeroFox has agreed to a nearly $350 million all-cash acquisition deal from tech-oriented private equity firm Haveli Investments, which is poised to be finalized by the first six months of the year...

Hybrid cloud connectivity and network object sharing from Cisco provides teams with a more simplified, unified security experience across their hybrid cloud.

I don't know if there is a trend but I recently found some malicious Python scripts (targeting Windows hosts) that include a GUI. They don't try to hide from the victim but, on the opposite, they try to make them confident. One...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Volt Typhoon is positioning itself to physically disrupt and cripple US critical infrastructure by gaining access to operational technology networks in the energy, water, communications, and transportation sectors, according to CISA.

AnyDesk has emphasized the safety of all its remote monitoring software versions obtained from legitimate sources, as well as noted the lack of any evidence suggesting any customer data compromise following a cyberattack last week, which it said only...

Microsoft Azure HDInsight has been identified to have its third-party Apache Hadoop, Kafka, and Spark services affected by three security flaws, which stem from Apache Ambari and Oozie software and have already been remediated by Microsoft in updates...

Mozilla has unveiled its new Monitor Plus subscription service that facilitates the automated scanning and removal of personal information from data broker sites, reports TechCrunch.

CyberScoop reports that increasingly prevalent deepfake threats have prompted the White House to strengthen efforts at identifying digitally altered media.