Biztonsági szemle

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Data Center Expert Vulnerability: Improper Verification of Cryptographic Signature, Missing Authentication for...

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-30088 Microsoft Windows Kernel TOCTOU Race Condition Vulnerability CVE-2024-9680 Mozilla Firefox Use-After...

Today, CISA published the Framing Software Component Transparency , created by the Software Bill of Materials (SBOM) Tooling & Implementation Working Group, one of the five SBOM community-driven workstreams facilitated by CISA. CISA’s community...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT...

CISA released two Industrial Control Systems (ICS) advisories on October 15, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-289-01 Siemens Siveillance Video...

There are ways to protect the public from the potential dangers of AI without stifling innovation – and the Europeans have already shown us how.

Use SSO, don't use SSO. Have MFA, don't have MFA. An analysis of a snapshot of organizations using Push Security's platform finds that 99% of accounts susceptible to phishing attacks.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

With cybercriminal gangs raking in at least $18 billion regionally — and much more globally — law enforcement and policymakers are struggling to keep up as the syndicates innovate and entrench themselves in national economies.

Suspected nation-state actors are spotted stringing together three different zero-days in the Ivanti Cloud Services Application to gain persistent access to a targeted system.

The DOD introduced new cybersecurity requirements for companies that contract with the federal government.

The gaming company reports that the server has been rebuilt after the leak, but has not confirmed if its insider video game data was leaked.