Security Issues, Vulnerabilities, Exploits & Government Alerts
?Feb 14, 2024?NewsroomSoftware Security / Vulnerability Cybersecurity researchers have found that it’s possible for threat actors to exploit a well-known utility called command-not-found to recommend their own rogue packages and compromise systems running Ubuntu operating…
WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), the U.S. Election Assistance Commission (EAC), and the United States Postal Inspection Service (USPIS) published Election Mail Handling Procedures to…
The landscape of cybersecurity in financial services is undergoing a rapid transformation. Cybercriminals are exploiting advanced technologies and methodologies, making traditional security measures obsolete. The challenges are compounded for community banks that must safeguard sensitive…
?Feb 14, 2024?NewsroomMalware / Cybercrime The infamous malware loader and initial access broker known as Bumblebee has resurfaced after a four-month absence as part of a new phishing campaign observed in February 2024. Enterprise security…
?Feb 14, 2024?NewsroomZero-Day / Financial Sector Security A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra (aka DarkCasino) targeting…
?Feb 14, 2024?NewsroomPatch Tuesday / Vulnerability Microsoft has released patches to address 73 security flaws spanning its software lineup as part of its Patch Tuesday updates for February 2024, including two zero-days that have come…
?Feb 13, 2024?NewsroomCryptocurrency / Rootkit The Glupteba botnet has been found to incorporate a previously undocumented Unified Extensible Firmware Interface (UEFI) bootkit feature, adding another layer of sophistication and stealth to the malware. “This bootkit…
?Feb 13, 2024?NewsroomCyber Threat / Malware The threat actors behind the PikaBot malware have made significant changes to the malware in what has been described as a case of “devolution.” “Although it appears to be…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R Series Safety CPU and SIL2 Process CPU Module Vulnerability: Incorrect Privilege Assignment 2. RISK EVALUATION Successful…
?Feb 13, 2024?The Hacker NewsSaaS Security / Data Breach The Midnight Blizzard and Cloudflare-Atlassian cybersecurity incidents raised alarms about the vulnerabilities inherent in major SaaS platforms. These incidents illustrate the stakes involved in SaaS breaches…