Security Bulletin

Such an attack technique dubbed "SpAIware" could be leveraged to facilitate continuous exfiltration of all inputs provided by the targeted user to ChatGPT, according to cybersecurity researcher Johann Rehberger.

Included in the nearly 500 MB data trove leaked by grep were information on Dell's internal ticketing system, including Agile and VPN incident reports and other ticket summaries for VPN improvements and DevOps software access requests.

Aside from performing Windows command execution and remote process injection-based module implementation, Splinter — which has "exceptionally large" artifact sizes due to extensive Rust crate presence — also features file uploading and downloading...

Attacks commence with the distribution of malicious emails purporting to be an Office 365 alert luring recipients to cancel a request for inbox email deletion through a button that contains the TikTok URL, according to a Cofense Phishing Defense...

Novel Chinese cyberespionage operation Salt Typhoon was reported by The Wall Street Journal to have compromised several internet service providers across the U.S. in attacks, which its sources noted were in preparation for imminent cyber intrusions.

Intrusions conducted by DragonForce, which has been suspected to be based in Malaysia, also involved the deployment of the SystemBC backdoor and the Mimikatz and Cobalt Strike tools to facilitate further compromise to advance its double extortion...

Ongoing targeting of vulnerable OT/ICS devices should prompt critical infrastructure entities to replace default passwords, activate multi-factor authentication, implement firewall protection for human-machine interfaces, and ensure up-to-date...

Integrating generative AI into your business model creates new risks as well as new rewards. Here's how to counter those risks.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Atelmo Equipment: Atemio AM 520 HD Full HD Satellite Receiver Vulnerability: OS Command Injection 2. RISK...

CISA released five Industrial Control Systems (ICS) advisories on September 26, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-270-01 Advantech ADAM-5550 ICSA-24...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Low attack complexity Vendor: Advantech Equipment: ADAM-5550 Vulnerabilities: Weak Encoding for Password, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Low attack complexity Vendor: goTenna Equipment: Pro series Vulnerabilities: Weak Password Requirements, Insecure Storage of Sensitive Information, Missing Support for Integrity Check, Cleartext...