Security Bulletin

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2018-14933 NUUO NVRmini Devices OS Command Injection Vulnerability CVE-2022-23227 NUUO NVRmini 2 Devices Missing...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Hackers are abusing legitimate Windows utilities to target Thai law enforcement with a novel malware that is a mix of sophistication and amateurishness.

Attackers claimed to have stolen at least 1 TB of data from the Deloitte-maintained RIBridges system.

First-of-its-kind “honeypot” study left open to all ports in 14 locations.

AE Industrial Partners' purchase of Paragon was reported by Israeli newspaper Haaretz to have been closed on Friday for $500 million but financial news outlet Calcalist detailed that the acquisition agreement, which will combine Paragon and Virginia...

Such an acquisition is part of Arctic Wolf's efforts to strengthen its Aurora open-XDR platform, which will be gaining additional capabilities provided by the AI-based endpoint security technology of Cylance, with Arctic Wolf CEO Nick Schneider...

Such draft for the updated NCIRP, which was developed in collaboration with more than 150 cybersecurity experts, also designates government agencies for each tier of response, with asset response to be spearheaded by CISA and the Department of...

While such an intrusion was reported by Namibian news outlets to have resulted in the compromise of more than 400,000 files, including information from high-profile government officials and clients, Telecom Namibia noted ongoing efforts to evaluate...

Aside from names and phone numbers, other information compromised as a result of the data breach may have also included birthdates, medical record numbers, details regarding health conditions, prescriptions, and treatments, and some Social Security...

Unauthorized access into the HSCs' network from Sep. 17 to 19 enabled the varying exposure of individuals' full names, birthdates, Social Security numbers, physical addresses, driver's license and government ID numbers, financial account details...

"When a NetScaler appliance is sized for handling a typical volume of authentication attempts, the high number of login attempts from large password spraying attacks can overwhelm the appliance, potentially leading to service and/or operational...