- + VU#138043: A stack-based overflow vulnerability exists in the Microchip Advanced Software Framework (ASF) implementation of the tinydhcp server—Overview A stack-based overflow vulnerability exists in the tinydhcp...
- + VU#455367: Insecure Platform Key (PK) used in UEFI system firmware signature—Overview A vulnerability in the user of hard-coded Platform Keys (PK...
- + VU#244112: Multiple SMTP services are susceptible to spoofing attacks due to insufficient enforcement—Overview Multiple hosted, outbound SMTP servers are vulnerable to em...
- + VU#312260: Use-after-free vulnerability in lighttpd version 1.4.50 and earlier—Overview A use-after-free vulnerability in lighttpd in versions 1.4....
- + VU#456537: RADIUS protocol susceptible to forgery attacks.—Overview A vulnerability in the RADIUS protocol allows an attacker a...
- + VU#163057: BMC software fails to validate IPMI session.—Overview The Intelligent Platform Management Interface (IPMI) implem...
- + VU#238194: R Programming Language implementations are vulnerable to arbitrary code execution during deserialization of .rds and .rdx files—Overview A vulnerability in the R language that allows for arbitrary...
- + VU#253266: Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models—Overview Lambda Layers in third party TensorFlow-based Keras models ...
- + VU#123335: Multiple programming languages fail to escape arguments properly in Microsoft Windows—Overview Various programming languages lack proper validation mechan...
- show more ...
As of 10/5/24 11:16pm. Last new 9/30/24 8:59pm. Score: 639
- + Election offices are preparing for a smooth voting process — and angry voters—html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org...
- + Former Mesa County clerk sentenced to 9 years for 2020 voting system breach—Former Mesa County clerk sentenced to 9 years for 2020 voting system b...
- + What’s new from this year’s Counter Ransomware Initiative summit, and what’s next—What’s new from this year’s Counter Ransomware Initiative summit, and ...
- + DOJ, Microsoft seize more than 100 domains used by the FSB—html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org...
- + Research reveals vulnerabilities in routers that left 700,000-plus exposed—Research reveals vulnerabilities in routers that left 700,000-plus exp...
- + Russian authorities arrest nearly 100 in raids tied to cybercriminal money laundering—Russian authorities arrest nearly 100 in raids tied to cybercriminal m...
- + America’s allies are shifting: Cyberspace is about persistence, not deterrence—America’s allies are shifting: Cyberspace is about persistence, not de...
- show more ...
As of 10/5/24 11:19pm. Last new 10/3/24 4:39pm. Score: 582
- + ISC StormCast for Friday, October 4th, 2024—Kickstart Your DShield Honeypot https://isc.sans.edu/diary/Kickstar...
- + ISC StormCast for Thursday, October 3rd, 2024—Security Related Docker Containers https://isc.sans.edu/diary/Secur...
- show more ...
As of 10/5/24 11:20pm. Last new 10/4/24 2:02am. Score: 535
- + CISA Adds One Known Exploited Vulnerability to Catalog—CISA has added one new vulnerability to its Known Exploited Vuln...
- + Russian Military Cyber Actors Target US and Global Critical Infrastructure—Summary The Federal Bureau of Investigation (FBI), Cybersecurity an...
- + #StopRansomware: RansomHub Ransomware—Summary Note: This joint Cybersecurity Advisory is part of an on...
- + Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations—Summary The Federal Bureau of Investigation (FBI), Cybersecurity an...
- + North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs—Summary The U.S. Federal Bureau of Investigation (FBI) and the foll...
- + CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth—EXECUTIVE SUMMARY In early 2023, the Cybersecurity and Infrastructur...
- + People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action —Overview Background This advisory, authored by the Australian Sig...
- + #StopRansomware: Black Basta—SUMMARY Note : This joint Cybersecurity Advisory (CSA) is part of...
- + #StopRansomware: Akira Ransomware—SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of...
- + Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways—SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA)...
As of 10/5/24 11:20pm. Last new 9/30/24 11:35pm. Score: 528
- + Friday Squid Blogging: Map of All Colossal Squid Sightings—Interesting map , from this paper . Blog moderation policy. [Aut...
- + Weird Zimbra Vulnerability—Hackers can execute commands on a remote computer by sending malforme...
- + California AI Safety Bill Vetoed—Governor Newsom has vetoed the state’s AI safety bill. I ha...
- + Hacking ChatGPT by Planting False Memories into Its Data—This vulnerability hacks a feature that allows ChatGPT to have long-te...
- + Friday Squid Blogging: Squid Game Season Two Teaser—The teaser for Squid Game Season Two dropped. Blog moderation ...
- + Clever Social Engineering Attack Using Captchas—This is really interesting. It’s a phishing attack targeting...
- + FBI Shuts Down Chinese Botnet—The FBI has shut down a botnet run by Chinese hackers: The botne...
- + AI and the 2024 US Elections—For years now, AI has undermined the public’s ability to trust w...
- + Squid Fishing in Japan—Fishermen are catching more squid as other fish are depleted. Bl...
- + NIST Recommends Some Common-Sense Password Rules—NIST’s second draft of its “ SP 800-63-4 “—its...
- show more ...
As of 10/5/24 11:29pm. Last new 10/4/24 6:20pm. Score: 507
- + Friday Squid Blogging: Map of All Colossal Squid Sightings—Interesting map , from this paper . Blog moderation policy. [Aut...
- + Weird Zimbra Vulnerability—Hackers can execute commands on a remote computer by sending malforme...
- + California AI Safety Bill Vetoed—Governor Newsom has vetoed the state’s AI safety bill. I ha...
- + Hacking ChatGPT by Planting False Memories into Its Data—This vulnerability hacks a feature that allows ChatGPT to have long-te...
- + Friday Squid Blogging: Squid Game Season Two Teaser—The teaser for Squid Game Season Two dropped. Blog moderation ...
- + Clever Social Engineering Attack Using Captchas—This is really interesting. It’s a phishing attack targeting...
- + FBI Shuts Down Chinese Botnet—The FBI has shut down a botnet run by Chinese hackers: The botne...
- + AI and the 2024 US Elections—For years now, AI has undermined the public’s ability to trust w...
- + Squid Fishing in Japan—Fishermen are catching more squid as other fish are depleted. Bl...
- + NIST Recommends Some Common-Sense Password Rules—NIST’s second draft of its “ SP 800-63-4 “—its...
- show more ...
As of 10/5/24 11:29pm. Last new 10/4/24 8:08pm. Score: 475
- + CISA Adds One Known Exploited Vulnerability to Catalog—CISA has added one new vulnerability to its Known Exploited Vuln...
- + Russian Military Cyber Actors Target US and Global Critical Infrastructure—Summary The Federal Bureau of Investigation (FBI), Cybersecurity an...
- + #StopRansomware: RansomHub Ransomware—Summary Note: This joint Cybersecurity Advisory is part of an on...
- + Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations—Summary The Federal Bureau of Investigation (FBI), Cybersecurity an...
- + North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs—Summary The U.S. Federal Bureau of Investigation (FBI) and the foll...
- + CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth—EXECUTIVE SUMMARY In early 2023, the Cybersecurity and Infrastructur...
- + People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action —Overview Background This advisory, authored by the Australian Sig...
- + #StopRansomware: Black Basta—SUMMARY Note : This joint Cybersecurity Advisory (CSA) is part of...
- + #StopRansomware: Akira Ransomware—SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of...
- show more ...
As of 10/5/24 11:29pm. Last new 9/30/24 8:55pm. Score: 459
- + Pixel's Proactive Approach to Security: Addressing Vulnerabilities in Cellular Modems—Posted by Sherk Chung, Stephan Chen, Pixel team, and Roger Piqueras Jo...
- + Evaluating Mitigations & Vulnerabilities in Chrome—Posted by Alex Gough, Chrome Security Team The Chrome Security Tea...
- + A new path for Kyber on the web—Posted by David Adrian, David Benjamin, Bob Beck & Devon O'Brien, ...
- + Deploying Rust in Existing Firmware Codebases—Posted by Ivan Lozano and Dominik Maier, Android Team Android's use...
- + Private AI For All: Our End-To-End Approach to AI Privacy on Android—Posted by Dave Kleidermacher, VP Engineering, Android Security and Pri...
- + Post-Quantum Cryptography: Standards and Progress—Posted by Royal Hansen, VP, Privacy, Safety and Security Engineering, ...
- + Keeping your Android device safe from text message fraud—Posted by Nataliya Stanetsky and Roger Piqueras Jover, Android Securit...
- + Improving the security of Chrome cookies on Windows—Posted by Will Harris, Chrome Security Team Cybercriminals using c...
- + Building security into the redesigned Chrome downloads experience—Posted by Jasika Bawa, Lily Chen, and Daniel Rubery, Chrome Security ...
- + Sustaining Digital Certificate Security - Entrust Certificate Distrust—Posted by Chrome Root Program, Chrome Security Team Update (09/1...
- show more ...
As of 10/5/24 11:29pm. Last new 10/3/24 1:03pm. Score: 458
- + MAR-10448362-1.v1 Volt Typhoon—Notification This report is provided "as is" for informational pur...
- + MAR-10478915-1.v1 Citrix Bleed— Notification This report is provided "as...
- + MAR-10454006.r5.v1 SUBMARINE, SKIPJACK, SEASPRAY, WHIRLPOOL, and SALTWATER Backdoors — Notification This report is provided "...
- + MAR-10430311-1.v1 Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475— Notification This report is provided "as...
- + Infamous Chisel Malware Analysis Report—Infamous Chisel–A collection of components associated with Sandworm de...
- + MAR-10459736.r1.v1 WHIRLPOOL Backdoor— Notification This report is provided "...
- + MAR-10454006.r4.v2 SEASPY and WHIRLPOOL Backdoors— Notification This report is provided "as is" f...
- + MAR-10454006-r3.v1 Exploit Payload Backdoor — Notification This report is provided "as...
- + MAR-10454006-r2.v1 SEASPY Backdoor — Notification This report is provided "as...
- + MAR-10454006-r1.v2 SUBMARINE Backdoor— Notification This report is provided "as is" ...
As of 10/5/24 11:29pm. Last new 10/1/24 12:24am. Score: 450
- + CISA is warning us (again) about the threat to critical infrastructure networks—Government-run water systems and other critical infrastructure are sti...
- + Threat actor believed to be spreading new MedusaLocker variant since 2022—Cisco Talos has discovered a financially motivated threat actor, activ...
- + Are hardware supply chain attacks “cyber attacks?”—The recent attacks in the Middle East triggering explosions on pag...
- + Simple Mail Transfer Pirates: How threat actors are abusing third-party infrastructure to send spam—Attackers are abusing normal features of legitimate web sites to trans...
- + Talos discovers denial-of-service vulnerability in Microsoft Audio Bus; Potential remote code execution in popular open-source PLC—Cisco Talos’ Vulnerability Research team recently disclosed two...
- + Talk of election security is good, but we still need more money to solve the problem—Last week, six Secretaries of State testified to U.S. Congress about...
- + We can try to bridge the cybersecurity skills gap, but that doesn’t necessarily mean more jobs for defenders—I have written about the dreaded “cybersecurity skills gap...
- + Vulnerability in Acrobat Reader could lead to remote code execution; Microsoft patches information disclosure issue in Windows API—Cisco Talos’ Vulnerability Research team discovered two vulnera...
- + Four zero-days included in group of 79 vulnerabilities Microsoft discloses, including one with 9.8 severity score—Microsoft disclosed four vulnerabilities that are actively being ...
- + DragonRank, a Chinese-speaking SEO manipulator service provider—Key Takeaways Cisco Talos is disclosing a new threat called ...
- show more ...
As of 10/5/24 11:29pm. Last new 10/3/24 5:33pm. Score: 449
- + Zeek 6.0.8—Zeek is a powerful network analysis framework that is much different f...
- + ABB Cylon Aspect 3.07.02 Authenticated File Disclosure—ABB Cylon Aspect version 3.07.02 suffers from an authenticated arbitra...
- + Debian Security Advisory 5784-1—Debian Linux Security Advisory 5784-1 - Fabian Vogt reported that the ...
- + Debian Security Advisory 5783-1—Debian Linux Security Advisory 5783-1 - Multiple security issues have ...
- + TeamViewer Privilege Escalation—Proof of concept code for a flaw in TeamViewer that enables an unprivi...
- + Ubuntu Security Notice USN-7053-1—Ubuntu Security Notice 7053-1 - It was discovered that ImageMagick inc...
- + Debian Security Advisory 5782-1—Debian Linux Security Advisory 5782-1 - Several vulnerabilities have b...
- + Ubuntu Security Notice USN-7055-1—Ubuntu Security Notice 7055-1 - Goldberg, Miro Haller, Nadia Heninger,...
- + MD-Pro 1.0.76 Shell Upload / SQL Injection—MD-Pro version 1.0.76 suffers from remote SQL injection and shell uplo...
- + Computer Laboratory Management System 2024 1.0 Cross Site Scripting—Computer Laboratory Management System 2024 version 1.0 suffers from a ...
- show more ...
As of 10/5/24 11:30pm. Last new 10/4/24 8:19pm. Score: 446
- + Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability—Apple has released iOS and iPadOS updates to address two security issu...
- + U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown—Microsoft and the U.S. Department of Justice (DoJ) on Thursday announc...
- + How to Get Going with CTEM When You Don't Know Where to Start—Continuous Threat Exposure Management (CTEM) is a strategic framework ...
- + Cloudflare Thwarts Largest-Ever 3.8 Tbps DDoS Attack Targeting Global Sectors—Cloudflare has disclosed that it mitigated a record-breaking distribut...
- + WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks—A new high-severity security flaw has been disclosed in the LiteSpeed ...
- + Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks—Google has revealed the various security guardrails that have been inc...
- + The Secret Weakness Execs Are Overlooking: Non-Human Identities—For years, securing a company’s systems was synonymous with securing i...
- + New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking—Linux servers are the target of an ongoing campaign that delivers a st...
- + North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks—Threat actors with ties to North Korea have been observed delivering a...
- + INTERPOL Arrests 8 in Major Phishing and Romance Fraud Crackdown in West Africa—INTERPOL has announced the arrest of eight individuals in Côte d'Ivoir...
- show more ...
As of 10/5/24 11:30pm. Last new 10/5/24 3:35am. Score: 432
- + Palo Alto Networks: 5x Leader in the Gartner Magic Quadrant for SD-WAN—Palo Alto Networks is the only vendor recognized as a Leader in Single...
- + A Leader in 2024 Forrester Enterprise Firewall Solutions Wave—As businesses adopt AI and face increasingly advanced threats, organiz...
- + The Top 5 Largest Scale Intrusions in 2023—What Powered Them? Large-scale cyber intrusions increased during 202...
- + Palo Alto Networks Prevents Data Loss at Enterprise Scale with NVIDIA—The rapid adoption of generative AI (GenAI) applications is driving a ...
- + Unit 42 Incident Response Retainers Enhance Organizational Resilience—Cyberattacks have increased in speed, scale and sophistication in the ...
- + A Leader in the 2024 Gartner Magic Quadrant for EPP—For Cortex XDR, Palo Alto Networks is Recognized as a Leader Once Agai...
- + Forrester Names Palo Alto Networks a Leader in Attack Surface Management—Cortex Xpanse is recognized with the top vendor score in the strategy ...
- + The Hidden AI Risk Lurking In Your Business—Today, there are thousands of Generative AI (GenAI) tools available on...
- + Using Time in Your Favor During a Ransomware Attack—Slow-Playing the Attackers When you face extortion, there are battle...
- + Crush It, Don’t Get Crushed — Combat SOC Analyst Burnout with AI—Anyone who works in cybersecurity knows that it’s full of rewards and ...
- show more ...
As of 10/5/24 11:30pm. Last new 10/4/24 8:34pm. Score: 421
- + How To Scan a Website for Vulnerabilities: Top Tools and Techniques—Knowing how to scan a website for vulnerabilities can help keep you pr...
- + How Veeam Helped New Orleans Fight Ransomware—When faced with a ransomware attack, organizations and government agen...
- + Cohesity and Microsoft Tag Team To Improve Data Protection—Cohesity and Microsoft recently announced they have expanded their par...
- + NVIDIA CSO David Reber on AI and Cybersecurity—I spoke with David Reber, CSO of Nvidia , about how the modern cybers...
- + IBM’s Vision for Security in the Quantum Era—Enterprise technology solutions are predicated on the knowledge that l...
- + DigiCert Rolls Out Trust Lifecycle Manager—DigiCert this week launched a comprehensive digital trust solution t...
- + Tech Predictions for 2023: AI, Cloud, Edge, Cybersecurity, and More—So you think you can predict the course of technology in the year ahea...
- + Cynet’s George Tubin on XDR Cybersecurity—I spoke with George Tubin, Director of Product Strategy at Cynet , ab...
- + Understanding the Business Costs of Phishing Attacks—Phishing attacks—where hackers try to collect personal information usi...
- + Sophos CTO Joe Levy on AI in Cybersecurity—I spoke with Joe Levy, CTO at Sophos , about the challenges and poten...
As of 10/5/24 11:30pm. Last new 10/1/24 12:39am. Score: 421