Security Bulletin

The two countries agree to share financial services information and provide cross-border training and best practices.

Just a day after Cisco disclosed CVE-2023-20198, it remains unpatched, and one vendor says a Shodan scan shows at least 10,000 Cisco devices with an implant for arbitrary code execution on them. The vendor meanwhile has updated the advisory with more...

The ClearFake campaign uses fake browser updates to lure victims and spread RedLine, Amadey, and Lumma stealers.

Security pros say developers share Confluence across their teams, so once exploited, attackers can have access to sensitive design and vulnerability information they can use to launch future attacks.

Ukrainian telcos subjected to Sandworm attacks BleepingComputer reports that Ukraine had 11 of its telecommunications service providers breached by the Russian state-backed hacking operation Sandworm from May to September, resulting in service...

Updating your browser when prompted is a good practice, just make sure the notification comes from the vendor themselves.

Small- to medium-sized businesses can depend on MSPs to deliver the foundational security basics, but when it comes to in-the-weeds incident response, MSPs really need to partner with a managed security operations provider (MSOP).

Spam and phishing SMS messages (sometimes called "smishing") have been problematic in recent years. These messages often bypass security controls and are more challenging to identify as malicious by users. Moreover, they can be just simply annoying....

Avoid these errors to get the greatest value from your incident response training sessions.

No patch has been release for an unknown Cisco vulnerability in IOS XE's Web UI.

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Power Monitoring Expert, EcoStruxure Power Operation with Advanced Reports, EcoStruxure Power SCADA...