Security Bulletin

CISA released three Industrial Control Systems (ICS) advisories on September 17, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-261-01 Siemens SIMATIC S7-200...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Millbeck Communications Equipment: Proroute H685t-w Vulnerabilities: Command Injection, Cross-site Scripting 2. RISK EVALUATION Successful...

Today, CISA and FBI released a Secure by Design Alert, Eliminating Cross-Site Scripting Vulnerabilities, as a part of our ongoing effort to reduce the prevalence of vulnerability classes at scale. Vulnerabilities like cross-site scripting (XSS)...

Securing open-source software will take collaboration, innovation and a commitment to best practices.

Hacktivists love to target financial services companies, and their attacks are growing both larger and longer.

Attackers could have exploited a dependency confusion vulnerability affecting various Google Cloud services to execute a sprawling supply chain attack via just one malicious Python code package.

Last week, I posted a diary about suspicious Python modules. One of them was Firebase [ 1], the cloud service provided by Google[ 2]. Firebase services abused by attackers is not new, usually, it&#x27s used to host malicious files that will be...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

A hidden feature could enable remote command execution using hard-coded credentials on home routers.

Attackers have been using the Windows MSHTML Platform spoofing vulnerability in conjunction with another zero-day flaw.

The sanctions are unlikely to affect the growing network of criminals who lure victims into working for cybercrime sweat shops around the world.