Security Bulletin

As AI technologies continue to advance at a rapid pace, privacy, security and governance teams can't expect to achieve strong AI governance while working in isolation.

The upcoming implementation of the EU NIS2 Directive requires a reassessment of operational and technical security goals. Learn more about how Cisco CX helps bridge that gap and aid you in navigating these new challenges.

Black Hat presentation reveals adversaries don't need to complete all seven stages of a traditional kill chain to achieve their objectives.

Such an increase was driven by the continued transition of ransomware operations to double extortion activities, according to a report from Rapid7.

Such a rule, which is expected to be released in its final form late next year, has been aimed by CISA to enable usage of anonymized breach notifications to better protect U.S. critical infrastructure, said Easterly at this year's Black Hat USA...

Included in the severe Roundcube vulnerabilities were the cross-site scripting issues, tracked as CVE-2024-42008 and CVE-2024-42009, as well as the information disclosure bug, tracked as CVE-2024-42010, an analysis from Sonar revealed.

Ronin Network attributed the flaw to a recent bridge update that resulted in the misinterpretation of the fund withdrawal authorization threshold for bridge operators.

McLaren Bay Region Hospital employees showed an INC Ransom note threatening the exposure of stolen data on the ransomware operation's leak site should the health system fail to pay the demanded ransom.

While most ransoms sought by BlackSuit ranged from about $1 million to $10 million worth of Bitcoin, the ransomware gang has demanded payments of up to $60 million, according to an updated joint advisory from the FBI and Cybersecurity and...

Megjelent a SANS és a Nemzetbiztonsági Szakszolgálat Nemzeti Kibervédelmi Intézet közös kiadványának 2024. augusztusi száma, melyben a romantikus csalásokkal foglalkozunk.

Researchers at Aqua Security discovered the "Shadow Resource" attack vector and the "Bucket Monopoly" problem, where threat actors can guess the name of S3 buckets based on their public account IDs.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Dorsett Controls Equipment: InfoScan Vulnerabilities: Exposure of Sensitive Information To An Unauthorized Actor, Path Traversal 2. RISK...