Security Bulletin

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-45519 Synacor Zimbra Collaboration Command Execution Vulnerability These types of vulnerabilities are frequent...

The threat landscape will only get worse in the months and years ahead – here’s how to prepare the company’s response to inevitable cyberattacks.

The FIN7 group is mounting a sophisticated malware campaign that spans numerous websites, to lure people with a deepfake tool promising to create nudes out of photos.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

CeranaKeeper is bombarding Southeast Asia with data exfiltration attacks via file-sharing services such as Pastebin, OneDrive, and GitHub, researchers say.

Armed with a staggering arsenal of at least 20,000 different exploits for various Linux server misconfigurations, perfctl is everywhere, annoying, and tough to get rid of.

[This is a Guest Diary by Joshua Gilman, an ISC intern as part of the SANS.edu BACS program]

Generative AI is being used to make cyberscams more believable. Here's how organizations can counter that using newly emerging tools and reliable methods.

More than 267,000 internet-exposed routers are likely vulnerable to exploitation.

If properly executed, the exploit would allow an attacker to obtain remote code execution on the target server.

Despite a $10 million bounty on one member, APT45 is not slowing down, pivoting from intelligence gathering to extorting funds for Kim Jong-Un's regime.

Organizations can use this guide to make decisions about designing, implementing, and managing OT environments to ensure they are both safe and secure, as well as to enable business continuity for critical services.