Biztonsági szemle

Attacks with ShrinkLocker, which leverages Microsoft BitLocker for accelerated drive encryption and a random password for re-encryption in Windows 7 and 8 or Windows Server 2008 and 2012 systems, have been deployed against organizations in Mexico...

Information compromised in the breach has been obtained from a system that had been inactive for nearly two years, noted DemandScience in an email sent to an individual who inquired the firm after seeing his data in the leak.

TAG-112 may be a subgroup of Chinese advanced persistent threat group Evasive Panda, also known as TAG-102 and StormBamboo, due to significant similarities in attack tactics, techniques, and procedures, an analysis from Recorded Future's Insikt Group...

Such an intrusion has not yet been confirmed by the AAP, whose website warned of the recent forced reset of all user passwords without further information but the organization was noted by Embargo to have already provided $1.3 million in exchange for...

After engaging in cyberespionage attacks that involved the distribution of RAR archive lures to deploy the IronWind downloader and Havoc post-exploitation framework, WIRTE proceeded to target numerous Israeli entities with the updated SameCoin Wiper...

If the government truly wants to protect the US's most vital assets, it must rethink its cybersecurity policies and prioritize proactive, coordinated, and enforceable measures.

Less-experienced users of Microsoft's website building platform may not understand all the implications of the access controls in its low- or no-code environment.

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-9463 Palo Alto Networks Expedition OS Command Injection Vulnerability CVE-2024-9465 Palo Alto Networks...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Updater Vulnerabilities: Insecure Storage of Sensitive Information, Improper Input Validation...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3.1 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: 2N Equipment: Access Commander Vulnerabilities: Path Traversal, Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT...