Security Bulletin

Cisco released a security advisory to address a vulnerability (CVE-2024-20253) affecting multiple Unified Communications Products. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and...

CISA released two Industrial Control Systems (ICS) advisories on January 25, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-025-01 Opteev MachineSense FeverWarn...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: MachineSense LLC. Equipment: MachineSense FeverWarn Vulnerabilities: Missing Authentication for Critical Function, Use of Hard-coded Credentials...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: SystemK Equipment: NVR 504/508/516 Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of...

These days, many pieces of malware are flagged as “infostealers” because, once running on the victim&#x27s computer, they search for interesting data and exfiltrate them. Classic collected data are:

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Security should not be treated as one-size-fits all, and that is doubly true when it comes to security awareness education. Training should be customized by age, learning styles, and preferred media if it is to be effective.

Ransomware attack hits Veolia North America Major global water and wastewater system operator Veolia had some of its internal back-end systems at its North America Municipal Water division impacted by a ransomware attack last week, resulting in the...

Global attacks targeting Ivanti Connect Secure VPN appliances vulnerable to both CVE-2023-46805 and CVE-2024-21887, have been underway, with 492 of 26,000 internet-exposed devices being compromised with backdoors, reports Ars Technica. The U.S...

More than 60 different threat operations, including SocGholish and ClearFake actors, have become affiliates of the massive VexTrio malware brokerage program, making the group the most substantial broker of malicious traffic, The Hacker News reports.

Intrusions by the BianLian ransomware operation during the past year have been refocused on specific targets and involved new attack techniques, according to SiliconAngle.