Biztonsági szemle

Today, CISA—along with U.S. and international partners—released joint guidance, Safe Software Deployment: How Software Manufacturers Can Ensure Reliability for Customers. This guide aids software manufacturers in establishing secure software...

CISA released four Industrial Control Systems (ICS) advisories on October 24, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-298-01 VIMESA VHF/FM Transmitter...

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-20481 Cisco ASA and FTD Denial-of-Service Vulnerability CVE-2024-37383 RoundCube Webmail Cross-Site Scripting...

Cisco released its October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication to address vulnerabilities in Cisco ASA, FMC, and FTD. A cyber threat actor could exploit some of these vulnerabilities to take control...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: iniNet Solutions Equipment: SpiderControl SCADA PC HMI Editor Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: low attack complexity/public exploits are available Vendor: Deep Sea Electronics Equipment: DSE855 Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: VIMESA Equipment: VHF/FM Transmitter Blue Plus Vulnerability: Improper Access Control 2. RISK EVALUATION Successful...

The Russian-language malware primarily enlists computers to mine Monero, but theoretically it can do worse.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The study, which surveyed 350 security and identity leaders globally, found that while 64% of organizations are still in the early stages of their identity security journey (Horizons 1 and 2), there has been significant progress from two years ago...

The “Deceptive Delight” method tricks models into generating harmful content within two or three interactions.

Avaya, Unisys, Check Point, and Mimecast fined $990,000 to $4 million to settle charges with SEC.