Security Issues, Vulnerabilities, Exploits & Government Alerts
Jun 12, 2024NewsroomCyber Attack / Malware Cybersecurity researchers have disclosed details of an ongoing phishing campaign that leverages recruiting- and job-themed lures to deliver a Windows-based backdoor named WARMCOOKIE. “WARMCOOKIE appears to be an initial…
Jun 12, 2024Newsroom State-sponsored threat actors backed by China gained access to 20,000 Fortinet FortiGate systems worldwide by exploiting a known critical security flaw between 2022 and 2023, indicating that the operation had a broader…
Jun 12, 2024NewsroomPatch Tuesday / Vulnerability Microsoft has released security updates to address 51 flaws as part of its Patch Tuesday updates for June 2024. Of the 51 vulnerabilities, one is rated Critical and 50…
Jun 11, 2024The Hacker NewsEndpoint Security / Incident Response Managed service providers (MSPs) are on the front lines of soaring demand for cybersecurity services as cyberattacks increase in volume and sophistication. Cynet has emerged as…
Cybersecurity researchers have shed more light on a Chinese actor codenamed SecShow that has been observed conducting Domain Name System (DNS) on a global scale since at least June 2023. The adversary, according to Infoblox…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: PI Web API Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Intrado Equipment: 911 Emergency Gateway (EGW) Vulnerability: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix, GuardLogix, CompactLogix Vulnerability: Always-Incorrect Control Flow Implementation 2. RISK EVALUATION Successful exploitation of this vulnerability could compromise the…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: AVEVA Equipment: PI Asset Framework Client Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow malicious…
One of the most effective ways for information technology (IT) professionals to uncover a company’s weaknesses before the bad guys do is penetration testing. By simulating real-world cyberattacks, penetration testing, sometimes called pentests, provides invaluable…