Security Bulletin

Can cyber defenders use the presence of infostealers as a canary in the coal mine to preempt ransomware attacks?

Apple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the...

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-27348 Apache HugeGraph-Server Improper Access Control Vulnerability CVE-2020-0618 Microsoft SQL Server...

A few months ago, I wrote a diary[ 1] about a Python script that replaced the Exodus[ 2] Wallet app with a rogue one on macOS. Infostealers are everywhere these days. They target mainly browsers (cookies, credentials) and classic applications that...

Increasing attacks by the OilRig/APT34 group linked to Iran's Ministry of Intelligence and Security show that the nation's capabilities are growing, and targeting regional allies and enemies alike.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Researchers uncovered a vulnerability that could have placed millions of Google Cloud instances at risk of remote hijack.

The latest Secure by Design alert from CISA outlines recommended actions security teams should implement to reduce the prevalence of cross-site scripting vulnerabilities in software.

Security pros say KBs can be easily misconfigured – data on more than 1,000 KBs exposed.

A researcher bypassed the Calendar sandbox, Gatekeeper, and TCC in a chain attack that allowed for wanton theft of iCloud photos.

The Eastern European group is actively expanding its financial fraud activities, with its pipelines representing a veritable Silk Road for the transfer of cryptocurrency, and lucrative and exploitable data.