Security Bulletin

The U.S.'s cybersecurity model being centered on the immediate discovery and remediation of vulnerabilities has been called a "failed model" by CISA.

Last week, I wrote about a system associated with pro-Russian hacktivist scanning for vulnerable Sharepoint servers [ 1]. Thanks to @DonPasci on X for pointing me to an article by Radware about the same group using Mirai [2][3]. This group has been...

Default passwords enabled the Iranian-linked APT to compromise Israeli-made control systems at water and wastewater facilities, a public aquarium and a brewery.

Come up with a clever cybersecurity-related caption, and our panel of experts will reward the winner with a $25 Amazon gift card.

Why we should applaud the Red Cross's efforts, even if they likely won't work.

On behalf of Cisco and CX, I would like to personally acknowledge each of our 2023 CX winners for being shining examples of Cisco’s Guiding Principles and role models.

A lot has been happening this year, and with additional enablement from Cisco’s Country Digital Acceleration Program, Cisco has been busy providing enhanced capabilities and services designed to assist Government customers to develop plans and...

Background The PKCS#11 support in BIND 9 comes in two flavors: The native PKCS#11 that interfaces directly with the HSM provided library via the PKCS#11 API. This allows BIND 9 to interact directly with the PKCS#11 provider for the public key...

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-42917 Apple Multiple Products WebKit Memory Corruption Vulnerability CVE-2023-42916 Apple Multiple Products...

The NCSC, which is a part of GCHQ, is recommending organisations follow the guidance published by US agencies and the INCD, regarding the active exploitation of Unitronics programmable logic controllers (PLCs) used in a range of industries including...

Now that CISOs face prosecution and even jail time, it’s more important than ever to educate the entire C-Suite and board on cybersecurity risks.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.