Security Bulletin

CISA released four Industrial Control Systems (ICS) advisories on November 30, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-334-01 Delta Electronics DOPSoft...

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-6345 Google Skia Integer Overflow Vulnerability CVE-2023-49103 ownCloud graphapi Information Disclosure...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: KEPServerEX, ThingWorx, OPC-Aggregator Vulnerabilities: Heap-based Buffer Overflow, Improper Validation of Certificate with Host...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DOPSoft Vulnerability: Stack-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Equipment: FA Engineering Software Products Vulnerability: External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of...

CISA has assisted a researcher with coordinating the disclosure of multiple researcher-discovered vulnerabilities affecting web-based case and document management systems used by multiple state, county, and municipal courts. Affected systems include...

AI-enhanced social media attacks are on the rise – that’s why security teams must foster a culture of continuous awareness training and adaptive defenses.

Last week, Jonah Latimer posted here about traffic he saw to his own EC2 web honeypot exploiting %%cve:2023-1389%%. I found this looking at new URL strings to our honepot network, and so for on 29 Nov 23, there have been about 300 detections for this...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The collaboration focuses on helping security teams detect and address cloud threats more effectively.

Amazon Web Services announced enhancements to several of its security tools, including GuardDuty, Inspector, Detective, IAM Access Analyzer, and Secrets Manager, to name a few during its re:Invent event.

The world of DevOps is abundant with tools and technologies, which can create confusion for novices. This blog charts out a DevOps roadmap, discussing the various phases of DevOps and popular tools that come in handy at each stage.