Security Bulletin

Most severe of the vulnerabilities is the undocumented features inclusion issue, tracked as CVE-2024-52564, which could be exploited to facilitate remote firewall deactivation, device setting manipulation, and arbitrary OS command execution...

After compromising the Romanian Permanent Electoral Authority's IT infrastructure on Nov. 19, threat actors went on to expose the account credentials for several of the country's election sites while deploying persistent intrusions that sought to...

Earth Minotaur leverages instant messaging apps to send messages with malicious links purporting to be Tibetan or Uyghur music and dance-related videos, which redirected to dozens of MOONSHINE exploit kit servers that would enable the download of a...

Aside from luring children into providing sexually explicit photos of themselves, such methods have also been used to force youths into harming family members and animals, as well as committing suicide, an intelligence report from the Joint Regional...

Introduction In February 2024, we released an update to Exchange Server which contained a security improvement referenced by CVE-2024-21410 that enabled Extended Protection for Authentication (EPA) by default for new and existing installs of Exchange...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

I get a daily report from my honeypots for Cowrie activity [1], which includes telnet and SSH sessions attempted on the honyepot. One indicator I use to find sessions of interest is the number of commands run. Most of the time there are about 20...

In this SC Media InFocus, Security Weekly News' Adrian Sanabria discusses improving cyber defenses against ransomware with Semperis' Mickey Bresman.

Four flaws in open-source machine learning tools could lead to code execution or path traversal.

An FBI operation nabbed a member of the infamous cybercrime group, who is spilling the tea on 'key Scattered Spider members' and their tactics.

The activity-recording capability has drawn concerns from the security community and privacy experts, but the tech giant is being measured in its gradual rollout, which is still in preview mode.

There’s bipartisan support for a tougher stance on China’s attacks on U.S. telecoms, including issuing stiff fines.