Security Bulletin

CISA released two Industrial Control Systems (ICS) advisories on December 5, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-340-01 AutomationDirect C-More EA9...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: AutomationDirect Equipment: C-More EA9 Programming Software Vulnerabilities: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these...

Authorities across 19 African countries also dismantled their infrastructure and networks, thanks to cooperation between global law enforcement and private firms.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Attackers leverage the Cloudflare Pages and Workers services to disguise and enhance their malicious sites.

[This is a Guest Diary by Chris Kobee, an ISC intern as part of the SANS.edu Bachelor's Degree in Applied Cybersecurity (BACS) program [1].

Russia still tops the world in disinformation campaigns, even as other countries are stepping up their own operations.

New Fortress Information Security research shows 90% of software products used by critical infrastructure organizations contain code developed in China.

Individuals concerned about the privacy of their communications should consider using encrypted messaging apps and encrypted voice communications, CISA and FBI officials say.

As CTEM practices become increasingly widespread, security vendors have rushed to position themselves as exposure management providers — but a closer examination reveals that many of them have adopted a partial approach.