The FBI, NSA, and allied agencies within the Five Eyes intelligence network have published a list of the 15 most exploited vulnerabilities from 2023. The cybersecurity advisory, a collaborative effort led by the Cybersecurity and Infrastructure Security Agency (CISA) alongside the national cybersecurity authorities of Australia, Canada, New Zealand, and the United Kingdom, urges organizations worldwide to prioritize patching these vulnerabilities.

The advisory highlights that malicious actors leveraged more zero-day vulnerabilities in 2023 than in 2022, exposing critical enterprise networks. These zero-day vulnerabilities, which are exploited before the release of patches, enabled cyber actors to compromise high-priority targets with minimal resistance. The advisory also emphasizes the need for organizations to deploy strong patch management systems to prevent further exposure.

Zero-day Vulnerabilities: Background and Purpose

The advisory, developed by cybersecurity agencies in the Five Eyes alliance, aims to provide critical insights into the most exploited vulnerabilities and associated risks in 2023. This release serves as a reference for both developers and organizations, advising them to adopt a proactive approach to vulnerability management and security best practices. The authoring agencies included:

- United States: CISA, FBI, and NSA
- Australia: Australian Signals Directorate’s Australian Cyber Security Centre (ACSC)
- Canada: Canadian Centre for Cyber Security (CCCS)
- New Zealand: New Zealand National Cyber Security Centre (NCSC-NZ) and CERT NZ
- United Kingdom: National Cyber Security Centre (NCSC-UK)

Key Findings

The report’s findings highlight a growing trend: in 2023, the majority of the most exploited vulnerabilities were first exploited as zero-days, a rise from the previous year when fewer vulnerabilities were exploited before patches were available. Notably, cyber actors have been most successful in exploiting vulnerabilities within the first two years of their disclosure. Table 1 below lists the top 15 vulnerabilities exploited throughout 2023. The table includes each vulnerability’s Common Vulnerabilities and Exposures (CVE) identifier, as well as affected platforms and exploit details.
Table 1: Top 15 routinely exploited vulnerabilities of 2023

| CVE | Platform | Vulnerability Details |
|---|---|---|
| CVE-2023-3519 | Citrix NetScaler ADC & Gateway | Causes stack buffer overflow via HTTP GET request |
| CVE-2023-4966 | Citrix NetScaler ADC & Gateway | Session token leakage, PoC revealed in Oct 2023 |
| CVE-2023-20198 | Cisco IOS XE Web UI | Unauthorized access; allows local user creation |
| CVE-2023-20273 | Cisco IOS XE | Escalates privileges to root once local user is created |
| CVE-2023-27997 | Fortinet FortiOS & FortiProxy SSL-VPN | Remote code execution via crafted requests |
| CVE-2023-34362 | Progress MOVEit Transfer | SQL injection grants sysadmin access and remote code execution |
| CVE-2023-22515 | Atlassian Confluence | Exploits improper input validation; adds admin user |
| CVE-2021-44228 | Apache Log4j (Log4Shell) | Code execution vulnerability; active since Dec 2021 |
| CVE-2023-2868 | Barracuda ESG Appliance | Unauthorized access and remote command execution |
| CVE-2022-47966 | Zoho ManageEngine | Executes arbitrary code via SAML endpoint |
| CVE-2023-27350 | PaperCut MF/NG | Bypasses authentication, executes code through scripting |
| CVE-2020-1472 | Microsoft Netlogon | Privilege escalation via secure channel exploit |
| CVE-2023-42793 | JetBrains TeamCity | Authentication bypass allows remote code execution |
| CVE-2023-23397 | Microsoft Outlook | Privilege escalation via specially crafted emails |
| CVE-2023-49103 | ownCloud graphapi | Unauthenticated access to sensitive admin data |

Recommended Mitigations

The advisory includes actionable recommendations to help organizations secure their networks against these vulnerabilities. Here’s a summary of the key measures:

For Developers and Vendors

- Secure Software Development: Follow secure design principles, integrating security at each stage of the Software Development Life Cycle (SDLC).
- SP 800-218 SSDF Compliance: Implement secure practices such as peer code reviews, vulnerability disclosure programs, and static and dynamic application security testing (SAST/DAST) to identify and mitigate vulnerabilities.
- Secure by Default Configurations: Eliminate default passwords, employ single sign-on (SSO) technology, and maintain high-quality audit logs.

For End-User Organizations

- Patch Management: Regularly update systems, prioritizing the patching of known exploited vulnerabilities (KEVs) listed in the advisory.
- Security Tools: Deploy endpoint detection and response (EDR) systems, web application firewalls, and network protocol analyzers to detect and respond to zero-day exploit attempts.
- Secure Configurations: Enforce secure default configurations to reduce unnecessary exposure and improve overall security resilience.

Implementing Security-Centered Development Lifecycles

The advisory encourages implementing security-centered product development lifecycles, reducing vulnerability exposure through vigorous testing and threat modeling. By enhancing the development process with these practices, developers can better prevent vulnerabilities and minimize the need for post-deployment patches, which can be costly and time-consuming.

Incentivizing Vulnerability Disclosure Programs

The cybersecurity advisory advocates for an increase in incentives for responsible vulnerability disclosure, recommending programs such as bug bounties to encourage ethical vulnerability reporting. These programs not only compensate researchers but also promote quicker identification and remediation of potential security flaws.

Importance of Sophisticated Detection Tools

The use of advanced detection tools, particularly EDR solutions, can significantly aid in detecting and mitigating zero-day exploitation. For example, at least three of the most exploited vulnerabilities in 2023 were identified through the use of EDR or other detection methods when suspicious activity was reported. By following the recommendations and proactively addressing these known exploits, organizations can effectively mitigate risks and defend against increasingly sophisticated cyber threats.
For more information on the vulnerabilities and recommendations, organizations are encouraged to review CISA’s full advisory.
The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of their active exploitation. These vulnerabilities, spanning across widely used software products, pose notable risks to organizational cybersecurity. CISA’s ongoing updates to the KEV Catalog emphasize the agency’s commitment to tracking and remediating high-risk vulnerabilities within the federal enterprise and beyond.

New Additions to the Known Exploited Vulnerabilities Catalog

The newly added vulnerabilities include:

CVE-2021-26086 - Atlassian Jira Server and Data Center Path Traversal Vulnerability
This vulnerability in Atlassian Jira Server and Data Center allows attackers to read restricted files within the system. Exploiting this flaw involves a path traversal attack, which could enable unauthorized file access, leading to information disclosure and possible lateral movement within the compromised network.

CVE-2014-2120 - Cisco Adaptive Security Appliance (ASA) Cross-Site Scripting (XSS) Vulnerability
Found in Cisco's ASA, this cross-site scripting vulnerability allows attackers to inject malicious scripts into the WebVPN login page, potentially compromising user sessions and manipulating sensitive data. The vulnerability affects specific WebVPN configurations, highlighting a need for close attention to firewall settings and configurations on Cisco ASA devices.

CVE-2021-41277 - Metabase GeoJSON API Local File Inclusion Vulnerability
Metabase's GeoJSON API includes a local file inclusion vulnerability in the custom map support API for GeoJSON data handling. Attackers exploiting this vulnerability may gain access to sensitive files and data within the host environment. Organizations using Metabase should prioritize applying patches to prevent potential unauthorized access through this API.

CVE-2024-43451 - Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability
This vulnerability in Microsoft Windows discloses the NTLMv2 hash, which could be exploited by an attacker to impersonate the compromised user. This hash disclosure can occur during a file open operation, creating a potential entry point for adversaries to access privileged information or systems.

CVE-2024-49039 - Microsoft Windows Task Scheduler Privilege Escalation Vulnerability
In Microsoft Windows, a privilege escalation vulnerability in the Task Scheduler could enable attackers to access functions outside of an AppContainer's restrictions, allowing elevated privileges and access to sensitive system areas. Privilege escalation vulnerabilities such as this are often used in complex attack chains, underscoring the need for immediate patching.

Understanding the Risks and the Role of the KEV Catalog

These newly listed vulnerabilities demonstrate the wide range of attack methods—path traversal, cross-site scripting, local file inclusion, hash disclosure, and privilege escalation—favored by cyber attackers to breach defenses. When exploited, these vulnerabilities could lead to unauthorized access, data exfiltration, and potentially complete control over compromised systems.

The Known Exploited Vulnerabilities (KEV) Catalog was established by CISA as a central resource through Binding Operational Directive (BOD) 22-01, which aims to reduce the risks posed by actively exploited vulnerabilities. BOD 22-01 requires that all Federal Civilian Executive Branch (FCEB) agencies remediate vulnerabilities listed in the KEV Catalog by their specified due dates. By enforcing these timely remediations, the directive strengthens defenses against active threats targeting federal networks.

Key Requirements and Actions for Organizations

While BOD 22-01 applies specifically to FCEB agencies, CISA strongly encourages all organizations to incorporate the KEV Catalog into their cybersecurity management frameworks. By aligning remediation priorities with the KEV Catalog, organizations can improve their resilience against known vulnerabilities that attackers are actively exploiting.
Below is a summary of each new vulnerability's recommended actions and the associated remediation deadlines:

- CVE-2021-26086 (Atlassian Jira Server and Data Center): Mitigation efforts should follow Atlassian's guidelines, or usage should be discontinued if patches are unavailable.
- CVE-2014-2120 (Cisco ASA): Organizations are urged to apply Cisco-provided patches or to disable the WebVPN feature if patches cannot be implemented.
- CVE-2021-41277 (Metabase GeoJSON API): Follow Metabase's official instructions for patching or disabling vulnerable services if no fixes are available.
- CVE-2024-43451 (Microsoft Windows NTLMv2 Hash Disclosure): Microsoft’s guidance should be applied to prevent hash spoofing attacks, and usage should cease in environments where patches are impractical.
- CVE-2024-49039 (Microsoft Windows Task Scheduler Privilege Escalation): Organizations should immediately implement vendor-specific patches or discontinue use until mitigation is possible.

Each vulnerability added to the KEV Catalog is assigned a due date for remediation. For these five vulnerabilities, CISA has set a due date of December 3, 2024.

Practical Steps for Effective Vulnerability Management

To maximize protection, CISA advises that organizations use the KEV Catalog as part of a broader vulnerability management program. This can involve:

- Regularly Checking the KEV Catalog: The KEV Catalog is continuously updated to reflect newly identified vulnerabilities. Integrating these updates into organizational cybersecurity protocols ensures that high-risk vulnerabilities are prioritized.
- Adopting a Risk-Based Approach: Prioritizing vulnerabilities based on risk to the organization can improve resource allocation and ensure timely responses to critical threats. The KEV Catalog provides a risk-based framework by highlighting actively exploited vulnerabilities, enabling security teams to focus on what matters most.
- Implementing Timely Patching and Mitigation: Applying patches is often the most straightforward method for neutralizing a vulnerability. However, if a patch is unavailable, alternative mitigations, such as disabling certain features or services, should be implemented to limit exposure.
- Engaging with Vendors for Guidance: In cases where mitigation instructions are complex or when a patch might affect system functionality, collaboration with software vendors is essential for secure deployment and risk reduction.

Conclusion

CISA’s KEV Catalog remains an essential tool for federal agencies and private sector organizations alike. With the addition of these five vulnerabilities, the catalog reinforces its role as an authoritative source for vulnerabilities that have been exploited in real-world cyberattacks. Organizations are encouraged to act swiftly by remediating these vulnerabilities according to CISA’s recommendations. For organizations across sectors, leveraging resources like the KEV Catalog is critical to staying ahead of attackers and ensuring a strong security posture.
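The "check the KEV Catalog regularly, then patch by risk and due date" workflow described in the practical steps above, which is also the Five Eyes advisory's "prioritize patching of KEVs" recommendation from the first article, is straightforward to script. The example below was written for this page and is not CISA's code or tooling. It assumes the JSON layout of the public KEV feed (a top-level "vulnerabilities" list whose entries carry cveID, vendorProject, product, dueDate and knownRansomwareCampaignUse); the feed excerpt embedded here is constructed from the CVE ids named in the two articles, the December 3, 2024 due date is the one the article reports, and the Log4Shell entry's dates and ransomware flag, the hostnames and the `open_cves` lists are illustrative values made up for the demonstration.

```python
"""Rank remediation work from a KEV-shaped catalogue feed (added example)."""
import json
from datetime import date

# Constructed excerpt in the shape of the KEV feed. The five 2024-12-03 entries
# mirror the article; the Log4Shell entry's dateAdded, dueDate and ransomware
# flag are illustrative placeholders, not values taken from the page.
KEV_FEED_JSON = """
{
  "catalogVersion": "example-excerpt",
  "vulnerabilities": [
    {"cveID": "CVE-2021-26086", "vendorProject": "Atlassian", "product": "Jira Server and Data Center",
     "dueDate": "2024-12-03", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2014-2120", "vendorProject": "Cisco", "product": "Adaptive Security Appliance (ASA)",
     "dueDate": "2024-12-03", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2021-41277", "vendorProject": "Metabase", "product": "Metabase",
     "dueDate": "2024-12-03", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2024-43451", "vendorProject": "Microsoft", "product": "Windows",
     "dueDate": "2024-12-03", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2024-49039", "vendorProject": "Microsoft", "product": "Windows",
     "dueDate": "2024-12-03", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2021-44228", "vendorProject": "Apache", "product": "Log4j2",
     "dateAdded": "2021-12-10", "dueDate": "2021-12-24", "knownRansomwareCampaignUse": "Known"}
  ]
}
"""

# Constructed asset inventory (what a scanner export would provide). Hostnames
# are placeholders; CVE-2024-49040 is deliberately absent from the feed above
# so the "not in catalogue" path is exercised.
INVENTORY = [
    {"host": "jira-01.example", "open_cves": ["CVE-2021-26086"]},
    {"host": "asa-edge.example", "open_cves": ["CVE-2014-2120"]},
    {"host": "ws-042.example", "open_cves": ["CVE-2024-43451", "CVE-2024-49039", "CVE-2024-49040"]},
    {"host": "log-01.example", "open_cves": ["CVE-2021-44228"]},
]


def load_kev(feed_json):
    """Parse a KEV-shaped feed and index its entries by CVE id."""
    feed = json.loads(feed_json)
    return {entry["cveID"]: entry for entry in feed["vulnerabilities"]}


def prioritize(inventory, kev, today_iso):
    """Return (listed, unlisted).

    listed: (host, cve, due_date, days_left, ransomware) rows, most urgent
            first: already-overdue items, then items tied to known ransomware
            campaigns, then by days remaining until the catalogue due date.
    unlisted: (host, cve) pairs not in the catalogue, returned separately so
              they stay on the backlog instead of silently disappearing.
    """
    today = date.fromisoformat(today_iso)
    listed, unlisted = [], []
    for asset in inventory:
        for cve in asset["open_cves"]:
            entry = kev.get(cve)
            if entry is None:
                unlisted.append((asset["host"], cve))
                continue
            days_left = (date.fromisoformat(entry["dueDate"]) - today).days
            ransomware = entry.get("knownRansomwareCampaignUse") == "Known"
            listed.append((asset["host"], cve, entry["dueDate"], days_left, ransomware))
    # False sorts before True: overdue first, then ransomware-linked, then soonest due.
    listed.sort(key=lambda r: (r[3] >= 0, not r[4], r[3]))
    return listed, unlisted


if __name__ == "__main__":
    catalogue = load_kev(KEV_FEED_JSON)
    ranked, missing = prioritize(INVENTORY, catalogue, "2024-11-20")
    for host, cve, due, days, rw in ranked:
        status = f"OVERDUE by {-days} days" if days < 0 else f"{days} days left"
        print(f"{host:18} {cve:16} due {due}  {status}{'  [ransomware]' if rw else ''}")
    for host, cve in missing:
        print(f"{host:18} {cve:16} not in KEV catalogue; keep in normal risk-based queue")
```

In production the feed would be fetched from CISA's published JSON endpoint rather than embedded, and the inventory would come from a vulnerability scanner or CMDB export; the ordering logic is the part worth keeping, since it turns the catalogue's due dates and ransomware flags directly into the remediation queue the article recommends.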
Microsoft rolled out its monthly security updates as part of the Microsoft November 2024 Patch Tuesday cycle. The company addressed a total of 91 vulnerabilities, with four of them being classified as zero-day vulnerabilities that were actively exploited in the wild. This release, which includes patches for a variety of critical flaws, offers essential protection for users across different Microsoft platforms, including Windows, Microsoft Exchange Server, and Azure.

Key Highlights from the Microsoft November 2024 Patch Tuesday

This month’s Microsoft Patch Tuesday updates cover a broad range of security vulnerabilities. Of the 91 flaws addressed, four are zero-day vulnerabilities, with two being actively exploited. The severity of these vulnerabilities ranges from critical to moderate, with the majority falling into the remote code execution (RCE) and elevation of privilege (EoP) categories.

The Microsoft November 2024 Patch Tuesday update addresses a range of vulnerabilities, with a particular focus on four zero-day flaws. Two of these zero-day vulnerabilities were actively being exploited in the wild, highlighting the urgency of applying the patches immediately. These vulnerabilities, if left unpatched, could allow attackers to gain unauthorized access or cause significant disruption, making it crucial for users and organizations to act quickly to protect their systems.

In addition to the zero-day flaws, the update also fixes four critical vulnerabilities. These critical flaws pose significant risks, including the potential for attackers to execute arbitrary code or gain unauthorized access to systems. Exploitation of these vulnerabilities could lead to severe security breaches, allowing attackers to compromise sensitive information or take control of vulnerable systems.

The Microsoft November 2024 Patch Tuesday also addresses a variety of other vulnerabilities across different categories. Among these are issues related to elevation of privilege, spoofing, and denial of service (DoS). Elevation of privilege vulnerabilities could allow attackers to escalate their user privileges, granting them access to restricted resources.
Spoofing vulnerabilities could be exploited to impersonate legitimate users or services, potentially leading to phishing attacks or unauthorized access. Meanwhile, the denial-of-service vulnerabilities could disrupt services, causing them to become unavailable or unresponsive. These diverse vulnerabilities further emphasize the importance of keeping systems up to date with the latest security patches.

Zero-Day Vulnerabilities Actively Exploited

Among the most urgent fixes in the Microsoft November 2024 Patch Tuesday release are the four zero-day vulnerabilities. These flaws have been discovered to be actively exploited, meaning that they pose an immediate risk to users and businesses.

- CVE-2024-43451: A spoofing vulnerability in the New Technology LAN Manager v2 (NTLMv2) protocol, this flaw could allow an attacker to view a user’s hashed password, which could then be exploited to gain unauthorized access to systems. Although it is rated medium in severity, its potential for abuse means it should be addressed quickly.
- CVE-2024-49039: This is an elevation of privilege vulnerability found in Windows Task Scheduler. It allows attackers to escalate their privileges from low to high, potentially giving them access to restricted resources. This flaw is considered high in severity, with a CVSS score of 8.8.
- CVE-2024-49040: A spoofing vulnerability in Microsoft Exchange Server, this flaw could allow an attacker to forge email headers and send messages that appear to come from a legitimate source. This vulnerability is critical for Exchange Server users, as it can enable phishing or other malicious activity.
- CVE-2024-49019: Found in Active Directory Certificate Services (AD CS), this flaw could allow an attacker to obtain domain administrator privileges due to weak authentication in certain configurations. It ranks high in severity, with a CVSS score of 7.8.
These four vulnerabilities highlight the ongoing risk posed by zero-day flaws and underscore the importance of keeping systems up to date with the latest Microsoft security updates.

Critical Vulnerabilities in the November 2024 Update

In addition to the zero-day flaws, Microsoft November 2024 Patch Tuesday also addressed several critical vulnerabilities across different Microsoft services and platforms. Among these critical vulnerabilities are:

- CVE-2024-43498: A type confusion vulnerability in .NET that could allow remote code execution on vulnerable web and desktop applications.
- CVE-2024-43625: A “use after free” vulnerability in Hyper-V, which could allow an attacker to gain host privileges from a guest virtual machine.
- CVE-2024-43639: A flaw in Windows Kerberos that could allow unauthenticated attackers to execute remote code on a targeted machine.
- CVE-2024-49056: A privilege escalation flaw in Microsoft’s Airlift component, which could be exploited by unauthorized users to bypass authentication controls.

These critical vulnerabilities are considered to be highly exploitable and require immediate attention to ensure that systems remain secure.

Breakdown of Vulnerabilities by Type

In terms of categorization, the Microsoft November 2024 Patch Tuesday update covers several different types of vulnerabilities. The most prevalent flaws in this month’s release are in the following categories:

- Remote Code Execution (RCE): 52 vulnerabilities fall under this category, representing 58.6% of the total patched flaws. RCE vulnerabilities allow attackers to execute arbitrary code remotely, often leading to full system compromise.
- Elevation of Privilege (EoP): With 26 vulnerabilities, EoP flaws make up 29.9% of the total. These vulnerabilities can allow attackers to escalate their privileges on a compromised system, granting them access to restricted resources.
- Denial of Service (DoS): Four DoS vulnerabilities were addressed, which can cause systems or services to become unavailable.
- Spoofing: Three spoofing vulnerabilities were patched, which could allow attackers to impersonate legitimate users or services.
- Security Feature Bypass (SFB): Two vulnerabilities in this category were fixed, which could allow attackers to bypass security features.
- Information Disclosure: One vulnerability was patched that could potentially lead to unauthorized information disclosure.

Commentary from Security Experts

Security professionals are urging organizations to act quickly and deploy the Microsoft security update to patch these vulnerabilities, particularly the zero-days. Satnam Narang, Sr. Staff Research Engineer at Tenable, emphasized the potential risks associated with flaws like CVE-2024-43451, which exposes NTLMv2 hashes and can be exploited using pass-the-hash techniques.

“While we don’t have insight into the in-the-wild exploitation of CVE-2024-43451 at this time, one thing is certain: attackers continue to be adamant about discovering and exploiting zero-day vulnerabilities that can disclose NTLMv2 hashes, as they can be used to authenticate to systems and potentially move laterally within a network to access other systems”, said Narang.

He also noted that the CVE-2024-49039 vulnerability in Windows Task Scheduler could be part of a more targeted attack, often associated with advanced persistent threats (APTs) or nation-state actors. As such, organizations should prioritize these vulnerabilities to mitigate the risk of targeted exploits.
A 22-year-old former Air National Guardsman, Jack Teixeira, has been sentenced to 15 years in federal prison after leaking a trove of highly classified U.S. military intelligence on social media. His conviction, handed down in a Boston federal court, marks a striking case of an insider threat, exposing deep-seated concerns about access controls within the U.S. military’s cybersecurity framework.

Teixeira, hailing from North Dighton, Massachusetts, enlisted in the U.S. Air National Guard (USANG) in 2019 and held a Top-Secret/Sensitive Compartmented Information (TS/SCI) security clearance. Despite multiple warnings from superiors to avoid accessing classified information outside his responsibilities, Teixeira exploited his role to search for and share hundreds of pages of sensitive National Defense Information (NDI). Using a secure workstation at the 102nd Intelligence Wing in Otis USANG Base, he accessed data unrelated to his duties, copying details about military strategies, troop movements, and insights into the Russia-Ukraine conflict.

Jack Teixeira Posted Classified Intel on Discord

From early 2022 until his arrest in April 2023, Teixeira posted the classified information on Discord, a popular platform among gamers, to impress anonymous users. These postings reportedly contained images and documents stamped with “TOP SECRET” and “SECRET” classification markings—visible evidence of unauthorized disclosures to foreign adversaries. His actions stirred alarm within the U.S. intelligence community, raising questions about cybersecurity practices around NDI access and storage.

“Jack Teixeira repeatedly shared classified national defense information on a social media platform to impress anonymous friends on the internet – instead, it has landed him a 15-year sentence,” said Attorney General Merrick Garland. “Teixeira’s profound breach of trust endangered our country’s national security and that of our allies. This sentence demonstrates the seriousness of the obligation to protect our country’s secrets and the safety of the American people.”

Teixeira’s case is a troubling reminder of the misuse of TS/SCI-level clearances, a designation meant to secure highly sensitive government information only accessible to personnel who undergo extensive vetting. Such clearances are designed to compartmentalize critical information on U.S. national security operations and defense strategies. Experts argue this breach shows the need for even more stringent protocols in monitoring insider threats, particularly in roles where users may access sensitive data.

In March, Teixeira pleaded guilty to six counts related to the unauthorized retention and transmission of classified information. Authorities found that despite warnings and training, he continued conducting “deep dives” into classified intelligence, going so far as to distribute photographic and written material, later amplified by others on social media. Acting U.S. Attorney Joshua Levy characterized Teixeira’s actions as “one of the most significant leaks of classified documents in U.S. history,” emphasizing the “exceptionally grave and long-lasting damage” inflicted on national security.

Teixeira's position as a Cyber Defense Operations Journeyman tasked him with maintaining classified workstations for the 102nd Intelligence Wing. Although his role required occasional access to classified materials, he consistently overstepped by accessing and sharing unrelated, highly sensitive information. Levy added, “This is disturbing conduct that will not go unnoticed and unchecked.”

Case Leads to Review of Classified Access

The fallout from this breach has spurred a renewed focus on the U.S. military's policies surrounding classified information access and distribution. Industry analysts stress that monitoring “user behavior analytics” could identify suspicious patterns of access, a method increasingly common in government agencies to flag potential misuse of classified materials. When executed appropriately, such techniques alert security teams to excessive or unauthorized access, as Teixeira’s case starkly demonstrated. Teixeira’s sentence is a warning to personnel entrusted with national defense secrets, reminding them that violating this trust will have severe consequences.
Shortly before his arrest in April 2023, Teixeira attempted to cover his tracks by destroying digital devices, erasing online accounts, and urging his associates to do the same. However, FBI Director Christopher Wray commented that the agency’s collaboration with other security agencies enabled them to “work diligently to protect classified information and ensure that those who turn their backs on their country face justice.” The broader implications of Teixeira’s actions echo in today’s digital landscape, where cybersecurity experts point to the ever-growing vulnerability posed by insider threats. This case illustrates how personal motives—here, the desire to impress online acquaintances—can lead individuals with access to classified information to jeopardize national security.
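The "user behavior analytics" approach the analysts describe above comes down to two checks on a document system's audit trail: did a user read material outside the programs their role covers, and did their daily access volume jump far above their own baseline. The example below illustrates that, and is an added example written for this page rather than code from any agency or from the article. The access records, user names, program tags, role assignments and thresholds are all constructed for the demonstration; a real deployment would read the same fields from the document management system's audit log.

```python
"""Baseline-and-deviation checks over document access logs (added example)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed audit records: (day, user, document_id, program_tag). The tag
# stands in for the compartment or programme label a document system attaches
# to each item; "FOREIGN-OPS" is simply a tag outside analyst-a's assignment.
ACCESS_LOG = [
    # baseline window, days 1-3
    (1, "analyst-a", "doc-a1", "NET-OPS"), (1, "analyst-a", "doc-a2", "NET-OPS"),
    (2, "analyst-a", "doc-a3", "NET-OPS"), (2, "analyst-a", "doc-a4", "NET-OPS"),
    (3, "analyst-a", "doc-a5", "NET-OPS"), (3, "analyst-a", "doc-a6", "NET-OPS"),
    (1, "sysadmin-b", "doc-s1", "SYS-MAINT"),
    (2, "sysadmin-b", "doc-s2", "SYS-MAINT"), (2, "sysadmin-b", "doc-n1", "NET-OPS"),
    (3, "sysadmin-b", "doc-s3", "SYS-MAINT"),
    # evaluation window, days 4-5
    (4, "analyst-a", "doc-a7", "NET-OPS"), (4, "analyst-a", "doc-a8", "NET-OPS"),
    (4, "sysadmin-b", "doc-s4", "SYS-MAINT"), (4, "sysadmin-b", "doc-s5", "SYS-MAINT"),
    (4, "sysadmin-b", "doc-n2", "NET-OPS"),
    (5, "analyst-a", "doc-a9", "NET-OPS"),
    (5, "analyst-a", "doc-f1", "FOREIGN-OPS"), (5, "analyst-a", "doc-f2", "FOREIGN-OPS"),
    (5, "analyst-a", "doc-f3", "FOREIGN-OPS"), (5, "analyst-a", "doc-f4", "FOREIGN-OPS"),
    (5, "analyst-a", "doc-f5", "FOREIGN-OPS"), (5, "analyst-a", "doc-f6", "FOREIGN-OPS"),
]

# Constructed role assignment: the program tags each user's duties cover.
ASSIGNED_PROGRAMS = {
    "analyst-a": {"NET-OPS"},
    "sysadmin-b": {"NET-OPS", "SYS-MAINT"},
}


def daily_profiles(log):
    """Group the log into per-user, per-day sets of documents and program tags."""
    docs = defaultdict(lambda: defaultdict(set))
    tags = defaultdict(lambda: defaultdict(set))
    for day, user, doc, tag in log:
        docs[user][day].add(doc)
        tags[user][day].add(tag)
    return docs, tags


def find_anomalies(log, assigned, baseline_days, k=2.0, min_margin=2):
    """Flag evaluation days that break a user's learned access profile.

    Two rules, applied only to days outside the baseline window:
      ("out_of_scope", user, day, [tags])       - touched a program tag the
                                                  user's role does not cover.
      ("volume", user, day, count, threshold)   - distinct documents exceeded
                                                  baseline mean + k*stddev, with
                                                  at least min_margin above the
                                                  mean so a perfectly flat
                                                  baseline does not alert on a
                                                  single extra document.
    """
    docs, tags = daily_profiles(log)
    alerts = []
    for user in sorted(docs):
        counts = [len(docs[user][d]) for d in sorted(baseline_days) if d in docs[user]]
        mu = mean(counts) if counts else None
        sigma = pstdev(counts) if len(counts) > 1 else 0.0
        threshold = None if mu is None else mu + max(k * sigma, min_margin)
        for day in sorted(docs[user]):
            if day in baseline_days:
                continue
            foreign = tags[user][day] - assigned.get(user, set())
            if foreign:
                alerts.append(("out_of_scope", user, day, sorted(foreign)))
            count = len(docs[user][day])
            if threshold is not None and count > threshold:
                alerts.append(("volume", user, day, count, threshold))
    return alerts


if __name__ == "__main__":
    for alert in find_anomalies(ACCESS_LOG, ASSIGNED_PROGRAMS, baseline_days={1, 2, 3}):
        print(alert)
```

On the constructed data, sysadmin-b's day-4 activity stays inside both role scope and volume baseline and produces nothing, while analyst-a's day 5 trips both rules: six documents tagged outside the assigned program, and seven distinct documents against a baseline of two per day. The scope rule is the cheaper and more decisive of the two, since it needs no history, only an authoritative mapping from role to program; the volume rule is what catches "deep dives" that stay inside a user's nominal scope.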
With cyberattacks on healthcare organizations rising sharply, the U.S. Department of Health and Human Services (HHS) faces mounting criticism over its ability to protect this essential sector. A new report from the Government Accountability Office (GAO) found that HHS has yet to meet critical cybersecurity goals, leaving healthcare organizations vulnerable to increasingly complex cyberthreats. Despite HHS’s position as the lead federal agency for healthcare cybersecurity, it has made limited progress in establishing necessary defenses, particularly as ransomware, Internet of Things (IoT) threats, and operational technology (OT) risks continue to evolve, the GAO report concluded.

HHS Role and Unmet Expectations

As the primary federal agency charged with securing healthcare infrastructure, HHS works with the Cybersecurity and Infrastructure Security Agency (CISA) to coordinate protections for the sector. Yet the GAO report states there is a lack of consistent oversight and planning. HHS's oversight shortcomings, coupled with a failure to implement previously recommended security measures, limit its ability to secure healthcare data effectively, creating persistent vulnerabilities.

One example of these vulnerabilities, GAO said, is the Change Healthcare ransomware attack in early 2024 that exposed sensitive data, disrupted services, and led to an estimated $874 million in damages. Such incidents showcase the urgent need for stronger leadership and more effective oversight within HHS, especially as the healthcare sector continues to be a prime target for cybercriminals. HHS's shortcomings exposed during the Change Healthcare incident also drew criticism from House members like Sen. Ron Wyden, who urged HHS to raise cybersecurity standards to avert such future incidents.

Lack of Effective Ransomware Oversight

Ransomware has become a persistent threat to healthcare, with attacks leading to severe disruptions in patient care and financial losses. The GAO report reveals that HHS has not consistently monitored the healthcare sector’s adoption of ransomware mitigation practices, which are essential to securing critical systems.
Without tracking adoption or implementation, HHS cannot accurately identify which organizations remain most at risk or direct resources where they are most needed, the GAO said.

"HHS was not yet tracking adoption of the ransomware-specific practices outlined in the framework. Although HHS officials told us that they would be able to assess implementation of key concepts in the framework, the department did not provide evidence of its efforts to do so." - GAO

HHS has taken steps to provide resources like guidance, training, and threat briefings to healthcare entities. However, without concrete tracking, these resources lack measurable effectiveness. To address this, the GAO recommends that HHS coordinate with CISA to evaluate the sector’s adoption of essential cybersecurity practices to reduce ransomware risks. This assessment would provide HHS with critical insights into areas that need improvement, allowing it to allocate resources more effectively and protect vulnerable organizations from ransomware attacks.

Ineffective Support for Sector-Wide Cybersecurity

In its role, HHS offers a variety of resources, including documents, training sessions, and briefings, to assist healthcare organizations in bolstering cybersecurity. Yet, the GAO report finds that HHS has not evaluated which forms of support are most useful for healthcare entities. As a result, HHS lacks a clear understanding of whether its resources effectively meet the sector’s needs, leading to communication gaps and delayed threat response times. The GAO urges HHS to implement assessment procedures to measure the impact of its support efforts, which would enable it to make informed adjustments to its cybersecurity approach.

Gaps in Risk Assessments for IoT and OT Devices

The healthcare sector increasingly relies on IoT and OT devices—such as patient monitoring systems and hospital infrastructure—that create new cybersecurity risks. However, the GAO said HHS has yet to complete a comprehensive risk assessment covering these devices. Although HHS has assessed certain risks associated with IoT in medical devices, a broader evaluation of sector-wide IoT and OT threats remains missing. This gap leaves many healthcare organizations without adequate protections against the vulnerabilities these connected devices introduce.

"HHS had ongoing risk activities for medical devices, a specific type of IoT device. However, HHS had not conducted a comprehensive sector-wide cybersecurity risk assessment addressing IoT and OT devices. As a result, the department did not know what additional security protections were needed to address growing and evolving threats." - GAO

The GAO recommends that HHS expand its risk assessments to include IoT and OT devices comprehensively. Doing so would provide healthcare organizations with a clearer understanding of where additional security protections are needed, allowing for better-targeted defenses against emerging threats.

Collaboration and Coordination Challenges

HHS’s Administration for Strategic Preparedness and Response (ASPR) plays a crucial role in fostering collaboration among healthcare organizations to strengthen cybersecurity. However, the GAO points to weaknesses in ASPR’s efforts to lead effective collaboration, citing unclear goals, undefined responsibilities, and outdated collaboration charters. These issues hamper ASPR’s ability to unite healthcare entities around shared security objectives. To improve this, the GAO suggests that ASPR should set clear goals, define responsibilities more precisely, and regularly assess collaboration efforts’ progress. This strategy would ensure that ASPR’s working groups and collaborations are both efficient and effective, directly benefiting the sector’s cybersecurity posture.
Harmonizing Conflicting Cybersecurity Requirements for State Agencies The GAO also identified conflicting cybersecurity requirements between HHS’s Centers for Medicare and Medicaid Services (CMS) and other federal agencies, which complicates state-level cybersecurity efforts. CMS mandates specific cybersecurity practices for state agencies handling Medicare and Medicaid data, but these standards often clash with those of other agencies, such as the Social Security Administration. This creates confusion and adds unnecessary compliance burdens for state officials, detracting from their focus on essential cybersecurity efforts. To address this issue, the GAO recommends that CMS work with other federal agencies to harmonize cybersecurity requirements. By creating consistent standards across agencies, HHS can simplify compliance, helping state agencies allocate resources more effectively and strengthen cybersecurity at the state level. Prioritizing Comprehensive Cybersecurity Measures The GAO made it clear that HHS must address its ongoing cybersecurity challenges to safeguard the healthcare sector effectively. Implementing the GAO’s recommendations will be critical to enhancing HHS’s leadership role, reducing ransomware and IoT-related vulnerabilities, and fostering improved coordination among healthcare organizations. Proactively addressing these issues will require HHS to monitor the adoption of cybersecurity practices, evaluate the impact of its support resources, and undertake comprehensive risk assessments, particularly for IoT and OT devices. Through a more strategic approach, HHS can help healthcare providers better prepare for the evolving cyber threat landscape, ensuring they have the necessary protections to continue delivering safe and secure patient care.
As the United States transitions from the 2024 election cycle, cyber threat actors from Russia, China, and Iran are poised to intensify influence operations aimed at destabilizing U.S. interests. These campaigns, expected to continue well into 2025, will target governmental institutions and public sentiment through social media, content manipulation, and disinformation, Google's Cybersecurity Forecast 2025 stated. Leveraging advances in generative AI, these actors can now execute high-volume, highly persuasive influence operations with unprecedented scale and sophistication.

Aggressive Influence Operations of the Big Three to Continue

Russia will maintain a strong focus on Ukraine, employing cyber espionage and information operations to support the ongoing conflict. Beyond Ukraine, the Kremlin will maintain a steady focus on amplifying politically divisive narratives in the U.S., employing tactics honed during its ongoing operations in Ukraine. Russia's disinformation efforts in the U.S. election may have had some effect, particularly in the "swing" states of Michigan and Wisconsin. Russian actors aim to undermine U.S. alliances, disrupt political discourse, and bolster Moscow’s global stance. Disguising tactics through a variety of hacktivist personas, they will continue to operate both covert and public campaigns targeting government, media, and social platforms, capitalizing on high-profile global events for maximum impact.

China will prioritize targeted influence operations around strategic elections, particularly within nations seen as critical to the People’s Republic of China’s (PRC) interests, such as the U.S. and Taiwan. Chinese-controlled media and AI-driven personas are expected to create fake news content and impersonate voters, promoting false claims of election interference or questioning the validity of democratic processes. PRC actors are also expected to use advanced tactics like custom malware ecosystems for embedded systems, making detection more challenging and enabling long-term infiltration.

Iran will similarly leverage disinformation to influence U.S. policies and perceptions, while maintaining a focus on internal stability in response to geopolitical conflicts in the Middle East. Iran’s cyber threat operations will include disinformation and espionage campaigns targeting U.S.-affiliated Middle Eastern groups, as well as political and media institutions that amplify views critical of Tehran’s policies. The ongoing Israel-Hamas conflict will likely shape much of Iran’s digital agenda, combining cyber espionage with misinformation campaigns to sway public opinion.

Other Threats and Key Cybersecurity Trends for 2025

A number of other trends were noted in the 2025 outlook.

Ransomware and Extortion: Persistent and Evolving

Ransomware remains a top threat, and multifaceted extortion tactics involving data theft and service disruptions will likely surge. The increasing number of data leak sites and emerging ransomware-as-a-service (RaaS) offerings enable cybercriminals of varying skill levels to launch impactful attacks across industries. The healthcare sector has been particularly vulnerable, with ransomware compromising patient care and essential services—a trend that shows no signs of slowing.

Infostealer Malware: Facilitating Data Breaches

Infostealers will continue to gain traction as threat actors exploit stolen credentials to gain access to sensitive networks. This form of malware will remain a low-effort, high-reward tool, especially effective in environments lacking multi-factor authentication. By obtaining credentials, even low-skilled attackers can infiltrate high-profile organizations, increasing the likelihood of data breaches.

Faster Vulnerability Exploitation

The speed of exploitation following vulnerability disclosures has accelerated, with attackers now exploiting disclosed vulnerabilities within days. With the average time-to-exploit shrinking, vendors face growing pressure to patch vulnerabilities immediately, while organizations need robust detection and response systems in place to mitigate risks.

Post-Quantum Cryptography Preparations

Although quantum computing threats may still be years away, 2025 will see a push toward adopting post-quantum cryptography standards. Companies will need to assess cryptographic dependencies, start inventorying sensitive data, and develop plans to secure it against future quantum-based decryption threats.

Regional Focus: EMEA and JAPAC Cybersecurity Forecasts

EMEA: The revised NIS2 Directive will increase cybersecurity responsibilities for critical infrastructure operators in Europe, enforcing higher security standards, incident response requirements, and supply chain security mandates. Compliance will drive significant improvements, but organizations will need to invest in security technologies and staff training to meet these new standards.

JAPAC: North Korea’s interest in cryptocurrency markets will spur cyber threats across the JAPAC region, while Southeast Asian cybercriminals will continue innovating with AI, deepfake technology, and new cryptocurrency schemes. The report highlights the need for intelligence-sharing between organizations and governments to track and address emerging criminal tactics.

AI: Transforming Defense and Enabling Attacks

Google also predicted a dual role for AI in 2025, with defenders and attackers alike harnessing its capabilities:

Defensive AI will aid cybersecurity teams by streamlining alert triage, handling repetitive tasks, and performing in-depth threat analysis. This “semi-autonomous” phase will integrate AI into daily security operations, reducing analyst workloads and enhancing threat response.

Malicious AI will empower attackers to refine social engineering attacks, including phishing and deepfake-driven impersonations. With easier access to generative AI tools, cybercriminals can scale misinformation, develop sophisticated malware, and bypass security checks, posing significant risks for organizations.

The Cybersecurity Forecast 2025 report predicts the critical need for organizations to anticipate emerging threats, from AI-enhanced disinformation to quantum computing risks. Proactive planning and investment in advanced cybersecurity solutions, including AI-powered defenses and multi-factor authentication, will be essential to counter evolving attack vectors. Organizations should prioritize threat intelligence to monitor geopolitical developments, strengthen identity management to prevent infostealer exploitation, and implement cloud-specific security protocols. Preparing for post-quantum standards and complying with regulatory directives will further enhance resilience, positioning organizations to navigate the multifaceted cybersecurity landscape of 2025.
The Critical Infrastructure Annual Risk Review, published by the Critical Infrastructure Security Centre (CISC), provides an in-depth analysis of the key risks impacting Australia’s critical infrastructure in 2024. This second edition of the report highlights cyber threats across various sectors, underlining the urgent need for improved risk management frameworks such as the Security of Critical Infrastructure Act (SOCI Act) and the Critical Infrastructure Risk Management Program (CIRMP) to safeguard Australia's vital systems.

Key Highlights from the Critical Infrastructure Annual Risk Review

One of the most pressing challenges for Australia's critical infrastructure in 2024 is cybersecurity. With frequent cyberattacks targeting critical sectors like healthcare, communications, and energy, there is a growing concern about the potential for these incidents to compromise the integrity, availability, and confidentiality of vital services. Foreign interference and state-sponsored cyber operations, such as those carried out by groups like Volt Typhoon, are seen as persistent threats, exploiting vulnerabilities in both private and public infrastructure. Additionally, the SOCI Act mandates a proactive approach to managing these risks, urging infrastructure providers to integrate robust cybersecurity measures into their operational frameworks.

Another significant concern is political violence. In 2024, the Australian Security Intelligence Organisation (ASIO) raised the national terrorism threat level to "Probable" due to increasing risks from extremist ideologies. These threats, coupled with foreign espionage, have prompted a reassessment of the vulnerabilities in sectors like energy, telecommunications, and transportation, where disruptions could have cascading effects across the nation. The report also highlights the impact of geopolitical tensions, such as regional instability in the Middle East, on supply chains and infrastructure operations.

The Interconnected Nature of Infrastructure

A central theme of the Critical Infrastructure Annual Risk Review is the interdependency of various infrastructure sectors. A failure in one area, such as the energy grid, can quickly trigger disruptions in other sectors, including water supply, transport, and communications. For instance, a power outage could halt transportation networks, interrupt data storage services, and affect the provision of water and sewage systems, demonstrating the ripple effect of infrastructure failures. As CIRMP outlines, infrastructure owners must assess material risks—both direct and indirect—and prioritize risk mitigation strategies accordingly.

The review also stresses that Australia's critical infrastructure is not immune to natural hazards. Severe weather events, including floods and storms, continue to disrupt services, as seen in 2024 when major flooding delayed freight transport across key routes. This is compounded by supply chain vulnerabilities, especially for critical resources like lithium, rare-earth metals, and urea, which are crucial for industries ranging from energy to agriculture.

Evolving Threats and Risk Mitigation

A growing concern for infrastructure operators is the increasing sophistication of cyber threats, including the use of artificial intelligence (AI) by attackers. The rapid rise of AI technology has enabled more adaptive and targeted cyberattacks, which can evade traditional defenses. The review points to the convergence of IT, operational technology (OT), and Internet of Things (IoT) systems, which has expanded the potential attack surface for malicious actors. Infrastructure providers are urged to improve coordination between IT and OT teams to detect threats early and respond effectively.

In addition to cybersecurity, supply chain risks are an area of increasing focus. The global demand for critical materials, coupled with supply chain disruptions triggered by geopolitical events or natural disasters, highlights the need for resilience in Australia’s infrastructure systems. Workforce shortages, particularly in sectors like healthcare, aviation, and construction, further exacerbate vulnerabilities, with skilled labor increasingly in demand to fill essential roles.

Strengthening Risk Management Frameworks

To address these challenges, the SOCI Act continues to evolve, tightening security obligations for sectors like telecommunications, aviation, and maritime. The CIRMP encourages infrastructure owners to establish comprehensive risk management programs that adhere to best practices for safeguarding against a wide range of hazards. These frameworks support the identification of risks across five key categories: cybersecurity, supply chain disruptions, physical security threats, natural hazards, and personnel security. The Australian government, in collaboration with industry stakeholders, has also worked to improve awareness and compliance with the SOCI Act.
Serious cybersecurity incidents often impact many different parties — including those who don't typically handle IT or security matters on a daily basis. Of course, the initial response needs to focus on identifying, containing, and recovering from an incident. But once the dust has settled, the time comes for another crucial stage: learning from the experience. What can the incident teach us? How can we improve our chances of preventing similar attacks in the future? These questions are well worth answering — even if the incident caused no significant damage due to an effective response or simply luck.

Involving people

Incident analysis is important for the whole organization. It's crucial to involve not only IT and security teams but also senior management and IT system stakeholders, as well as any third-party vendors affected by the incident or involved in its response. A productive atmosphere is crucial. It's important to emphasize that this isn't a witch hunt (though mistakes will be discussed). Blame-shifting and manipulating information will only distort the picture, hinder analysis, and harm the organization's long-term security.

Many companies keep incident details under wraps, fearing reputational damage or a repeat attack. While this is completely understandable, and certain details should indeed remain confidential, striving for maximum transparency in response is important. Specifics of an attack and response should be shared, if not with the general public, then at least with a trusted circle of peers in the cybersecurity field who can then help others prevent similar attacks on their organizations.

Detailed incident analysis

Although much incident data is already collected during the response phase, post-incident analysis provides an opportunity for deeper insights. First of all, answer questions like: How and when did the adversary penetrate the organization? What vulnerabilities and technical/organizational weaknesses were exploited? How did the attack unfold? Mapping attacker actions and response efforts on a timeline helps pinpoint when anomalies were detected, how they were identified, what response measures were taken, whether all relevant teams were promptly engaged, and if escalation scenarios were followed.

The answers to these questions should be documented meticulously, referencing factual data like SIEM logs, timestamps for task creation in the task manager, timestamps for emails being sent, and so on. This enables you to build a comprehensive and detailed picture, allowing for collective evaluation of both the speed and effectiveness of each response step. It's also necessary to assess separately an incident's impact on other aspects of the business, such as continuity of operations, data integrity and leaks, financial losses (both direct and indirect), and company reputation. This will help balance the scale and cost of the incident against the scale and cost of measures to strengthen information security.

Identifying strengths and weaknesses

Technical incident reports may seem to contain all the information you need, but in reality they often lack crucial organizational context. A report might state that attackers accessed the system by exploiting a certain vulnerability, and that the organization needs to patch said vulnerability on all servers. However, this superficial analysis overlooks critical questions: How long did this vulnerability remain unpatched after it was disclosed? What other known vulnerabilities exist on the servers? What are the agreed-upon patching SLAs between IT and cybersecurity? Does vulnerability prioritization exist within the company? Each stage and process affected by the incident deserves this level of scrutiny. This holistic approach allows you to assess the security landscape flaws that enabled the incident.

It's important not to focus solely on the negatives: if certain teams responded quickly and effectively or if existing processes/technologies aided in incident detection or mitigation, these aspects should also be analyzed to understand whether this positive experience can be applied elsewhere. Human error and behavioral factors warrant special attention. What role did they play? Again, the goal isn't to blame but to identify measures to mitigate or balance the inevitable impact of human factors in the future.

Planning for improvement

This is the most creative and organizationally challenging phase of the incident review. It requires developing effective, realistic steps to address weaknesses within resource constraints. Involving senior management in this process is especially beneficial — as the saying goes, cybersecurity budgets are never approved faster than after a major incident. Several aspects should be considered in the plan:

IT asset map update. The incident may have revealed a lot of new information about how the company's data is processed and how processes are implemented in general. It's often necessary to update priorities, reflecting a better understanding of which assets require the most protection.

Detection and response technologies. By analyzing which stages of the attack went undetected by defenders, and which technical measures were missing to stop the attack's progression, the team can plan to implement additional security tools, such as EDR, SIEM, and NGFW. Sometimes it becomes clear that while the necessary tools seem to be in place, they lack automation (for example, automated response playbooks), or data streams (such as threat intelligence feeds). Or, perhaps, log storage practices facilitated their wholesale deletion by the attackers. Technology enhancements should receive special attention if the analysis showed that defenders spent an excessive amount of time manually searching for compromised hosts or on other laborious tasks, lacked access to critical information, or didn't have the tools for enterprise-wide response.

Processes and policies. Having determined whether the incident occurred due to violations of existing policies or their absence, it's essential to address this by revisiting the entire chain of events, correcting any identified process deficiencies, and reflecting these corrections in the security policy. Ranging from processes, policies, and regulatory timelines for vulnerability and account management, to incident response playbooks — the revised company processes should ensure the prevention of any similar future incidents. The overall incident response plan should also be updated and refined based on practical experience. It's important to clarify which parties were unable to fully participate in the process, and how to organize rapid communication between them to ensure swift decision-making in emergencies.

Proactive measures: technology. Incidents provide an opportunity to take a fresh look at existing practices for account management and patch management. Step-by-step improvements should be planned in areas where the company hasn't followed best practices: implementing the principle of least privilege and centralized identity management, and prioritizing and systematically addressing key infrastructure vulnerabilities.

Proactive measures: people. Each human error requires corrective measures — targeted training or even drills tailored to individual roles. It's worth discussing what training is necessary for specific individuals, departments, or the entire organization. A major incident can be a powerful wake-up call, emphasizing the importance of information security and driving engagement in cybersecurity awareness training, even among those who usually downplay its importance. Following updated processes may be more challenging — requiring a special effort in training. Reminders from management and an incentive program may be necessary to ensure the updated regulations are fully adopted.

Preparing for the next incident

All of the measures listed above will enhance cybersecurity resilience and readiness for incidents — in theory. But to be sure of the result, it's worth validating their effectiveness through cybersecurity exercises, penetration testing, or red teaming. These simulations of real cyber-incidents serve different purposes, so which combination is most suitable depends on the organization and the measures taken post-incident. Implementing all the improvements and updated security measures can be a lengthy, phased process, so regular meetings with all involved parties are necessary to collect feedback, discuss implementation, address challenges, and explore further security enhancements. To ensure these meetings are not mere empty talk, it's essential to agree on specific metrics and milestones to track progress effectively.
The group seeks out aerospace professionals by impersonating job recruiters — a demographic it has targeted in the past as well — then deploys the SlugResin backdoor malware.
CISOs understand the risk scenarios that can help create safeguards so everyone can use AI safely and focus on the technology's promises and opportunities.
Despite having only a scant focus on cybersecurity regulations a decade ago, countries in the Middle East — led by Saudi Arabia and other Gulf nations — have adopted mature frameworks and regulations amid escalating volumes of attacks.
The tech giant fixed privilege-escalation and model-exfiltration vulnerabilities in Vertex AI that could have allowed attackers to steal or poison custom-built AI models.
The hacking of websites belonging to the digital news outlet Tibet Post and Gyudmed Tantric University appears to be part of a series of cyberattacks targeting the Tibetan community.
Daren Li, 41, faces up to 20 years in prison for taking part in an operation that laundered more than $73 million stolen from people duped by so-called “pig-butchering” scams.
When President Donald Trump once again takes office in January, he’ll have to confront some of the same cybersecurity issues he dealt with during his first term — but in some cases they’ve only gotten worse.
The National Institute of Standards and Technology has faced criticism since it became clear that thousands of critical vulnerabilities were not being analyzed or enriched.
Siemens Energy Omnivise T3000 version 8.2 SP3 suffers from local privilege escalation, cleartext storage of passwords in configuration and log files, file system access allowing for arbitrary file download, and IP whitelist bypass.
TX Text Control .NET Server For ASP.NET has an issue where it was possible to change the configured system path for reading and writing files in the underlying operating system with privileges of the user running a web application.
This Metasploit module lets you obtain remote code execution in Palo Alto Expedition versions 1.2.91 and below. The first vulnerability, CVE-2024-5910, allows resetting the password of the admin user, and the second vulnerability, CVE-2024-9464, is an authenticated OS command injection. In a default installation, commands will get executed in the context of www-data. When credentials are provided, this module will only exploit the second vulnerability. If no credentials are provided, the module will first try to reset the admin password and then perform the OS command injection.
Ubuntu Security Notice 7089-4 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 7105-1 - It was discovered that the NrbfDecoder component in .NET did not properly handle an instance of a type confusion vulnerability. An authenticated attacker could possibly use this issue to gain the privileges of another user and execute arbitrary code. It was discovered that the NrbfDecoder component in .NET did not properly perform input validation. An unauthenticated remote attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 7103-1 - It was discovered that Ghostscript incorrectly handled parsing certain PS files. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Ghostscript incorrectly handled parsing certain PDF files. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10.
Ubuntu Security Notice 7101-1 - It was discovered that Pydantic incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause a denial of service via a crafted email string.
Ubuntu Security Notice 7100-2 - Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Red Hat Security Advisory 2024-9525-03 - An update for libsoup is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include an HTTP request smuggling vulnerability.
Red Hat Security Advisory 2024-9524-03 - An update for libsoup is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include an HTTP request smuggling vulnerability.
Red Hat Security Advisory 2024-9502-03 - An update for expat is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-9501-03 - An update for libsoup is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include an HTTP request smuggling vulnerability.
Red Hat Security Advisory 2024-9500-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2024-9498-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2024-9497-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2024-9481-03 - An update for python-django is now available for Red Hat OpenStack Platform 18.0.3. Issues addressed include a traversal vulnerability.
Red Hat Security Advisory 2024-9473-03 - An update for grafana is now available for Red Hat Enterprise Linux 9. Issues addressed include a cross site scripting vulnerability.
Red Hat Security Advisory 2024-9470-03 - An update for cups is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2024-9459-03 - An update for buildah is now available for Red Hat Enterprise Linux 9. Issues addressed include denial of service and traversal vulnerabilities.
Red Hat Security Advisory 2024-9457-03 - An update for python3.12-urllib3 is now available for Red Hat Enterprise Linux 9. Issues addressed include a remote shell upload vulnerability.
A threat actor affiliated with Hamas has expanded its malicious cyber operations beyond espionage to carry out disruptive attacks that exclusively target Israeli entities. The activity, linked to a group called WIRTE, has also targeted the Palestinian Authority, Jordan, Iraq, Saudi Arabia, and Egypt, Check Point said in an analysis. "The [Israel-Hamas] conflict has not disrupted the WIRTE's
Romanian cybersecurity company Bitdefender has released a free decryptor to help victims recover data encrypted using the ShrinkLocker ransomware. The decryptor is the result of a comprehensive analysis of ShrinkLocker's inner workings, allowing the researchers to discover a "specific window of opportunity for data recovery immediately after the removal of protectors from BitLocker-encrypted
The rise of SaaS and cloud-based work environments has fundamentally altered the cyber risk landscape. With more than 90% of organizational network traffic flowing through browsers and web applications, companies are facing new and serious cybersecurity threats. These include phishing attacks, data leakage, and malicious extensions. As a result, the browser also becomes a vulnerability that
A security analysis of the OvrC cloud platform has uncovered 10 vulnerabilities that could be chained to allow potential attackers to execute code remotely on connected devices. "Attackers successfully exploiting these vulnerabilities can access, control, and disrupt devices supported by OvrC; some of those include smart electrical power supplies, cameras, routers, home automation systems, and
The Iranian threat actor known as TA455 has been observed taking a leaf out of a North Korean hacking group's playbook to orchestrate its own version of the Dream Job campaign targeting the aerospace industry by offering fake jobs since at least September 2023. "The campaign distributed the SnailResin malware, which activates the SlugResin backdoor," Israeli cybersecurity company ClearSky said
Microsoft on Tuesday revealed that two security flaws impacting Windows NT LAN Manager (NTLM) and Task Scheduler have come under active exploitation in the wild. The security vulnerabilities are among the 90 security bugs the tech giant addressed as part of its Patch Tuesday update for November 2024. Of the 90 flaws, four are rated Critical, 85 are rated Important, and one is rated Moderate in
ESET researchers introduce the Gamaredon APT group, detailing its typical modus operandi, unique victim profile, vast collection of tools and social engineering tactics, and even its estimated geolocation
The post Pentagon Secrets Leaker Jack Teixeira Sentenced to 15 Years in Prison by a Federal Judge – Source: www.securityweek.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Microsoft Confirms Zero-Day Exploitation of Task Scheduler Flaw – Source: www.securityweek.com
Patch Tuesday: Critical Flaws in Adobe Commerce, Photoshop, InDesign, Illustrator – Source: www.securityweek.com
GitLoker Strikes Again: New “Goissue” Tool Targets GitHub Developers and Corporate Supply Chains – Source: www.securityweek.com
Ahold Delhaize Cybersecurity Incident Impacts Giant Food, Hannaford – Source: www.securityweek.com
SAP Patches High-Severity Vulnerability in Web Dispatcher – Source: www.securityweek.com
Form I-9 Compliance Data Breach Impacts Over 190,000 People – Source: www.securityweek.com
Millions of Hot Topic Customers Impacted by Data Breach – Source: www.securityweek.com
Middle East Cybersecurity Efforts Catch Up After Late Start – Source: www.darkreading.com
2 Zero-Day Bugs in Microsoft’s Nov. Update Under Active Exploit – Source: www.darkreading.com
Amazon Employee Data Compromised in MOVEit Breach – Source: www.darkreading.com
CrowdStrike Spends to Boost Identity Threat Detection – Source: www.darkreading.com
Source: www.darkreading.com – Author: Elizabeth Montalbano, Contributing Writer. Researchers have uncovered a tool aimed at GitHub users, distributed on a cybercrime forum. It offers bulk developer credential theft and the ability to conduct further malicious activities, including supply chain attacks. The tool — called GoIssue and potentially […] ‘GoIssue’ Cybercrime Tool Targets GitHub Developers En Masse – Source: www.darkreading.com
Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer. Swiftly after disclosing them, Citrix has issued patches for two vulnerabilities in its Citrix Virtual Apps and Desktop technology that allow a remote attacker to escalate privileges or execute code of their choice on vulnerable systems. Citrix has described the remote code execution […] Citrix Issues Patches for Zero-Day Recording Manager Bugs – Source: www.darkreading.com
Source: www.darkreading.com – Author: Tara Seals, Managing Editor, News, Dark Reading. [Ed. note, Nov. 12 at 12:30 p.m. ET: Citrix has now issued patches for the issue and assigned CVE-2024-8068/CVE-2024-8069 for tracking.] An unpatched zero-day vulnerability in
Interlock Ransomware Detection: High-Profile and Double-Extortion Attacks Using a New Ransomware Variant – Source: socprime.com
The CISO paradox: With great responsibility comes little or no power – Source: www.csoonline.com
9 Indispensable Open Source Security Tools – Source: www.csoonline.com
Amazon MOVEit Leaker Claims to Be Ethical Hacker – Source: www.infosecurity-magazine.com
Microsoft Fixes Four More Zero-Days in November Patch Tuesday – Source: www.infosecurity-magazine.com
TA455’s Iranian Dream Job Campaign Targets Aerospace with Malware – Source: www.infosecurity-magazine.com
Phishing Tool GoIssue Targets Developers on GitHub – Source: www.infosecurity-magazine.com
Source: www.hackerone.com – Author: johnk. The European Commission has selected HackerOne as the platform for its first-ever bug bounty program. This not only expands the number of government agencies that have selected HackerOne, it is our first project with the European Union’s executive arm. This bug bounty program was made possible based on the […] The European Commission’s First-Ever Bug Bounty Program – Source: www.hackerone.com
Google Cloud to Assign CVEs to Critical Vulnerabilities – Source: www.securityweek.com
Citrix, Cisco, Fortinet Zero-Days Among 2023’s Most Exploited Vulnerabilities – Source: www.securityweek.com
Chipmaker Patch Tuesday: Intel Publishes 44 and AMD Publishes 8 New Advisories – Source: www.securityweek.com
Ivanti Patches 50 Vulnerabilities Across Several Products – Source: www.securityweek.com