Biztonsági szemle

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: EcoStruxure Control Expert, EcoStruxure Process Expert and Modicon M340, M580 and M580 Safety PLCs Vulnerabilities: Improper Enforcement...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Attackers have used multiple layers of URL rewriting services and other tactics to evade email security.

The incident is typical of the heightened threats organizations face during the holidays, when most companies reduce their security operations staff by around 50%.

The anti-fraud plan calls for companies to create a pipeline for compiling attack information, along with formal processes to disseminate that intelligence across business groups.

New analysis says law enforcement efforts against Russian-language ransomware-as-a-service (RaaS) infrastructure helped consolidate influence behind BlackBasta, but some experts aren't so sure the brand means that much.

Malware leverages a legitimate – but outdated – Avast kernel driver, which lets it evade defenses and wreak havoc on systems.

In a "new class of attack," the Russian APT breached a target in Washington, DC, by credential-stuffing wireless networks in close proximity to it and daisy-chaining a vector together in a resourceful and creative way, according to researchers.

In late 2024, ransomware groups showed heightened interest in sectors rich with sensitive data.

In our recent Cisco AI Readiness Index, we found that only 13% of organizations consider themselves ready to capture AI’s potential, even though urgency is high. Companies are investing, but close to half of respondents say the gains aren’t meeting...

Nearly 400,000 internet-exposed devices were susceptible to attacks involving the abuse of the 15 most exploited security flaws in 2023, almost half of which were Fortinet FortiOS appliances.