Blogs - Security
CISA Blog
- CISA’s Efforts Towards Software Understanding 2024-04-26 CISA
- Cyber Hygiene Helps Organizations Mitigate Ransomware-Related Vulnerabilities 2024-04-25 CISA
- The P25 Steering Committee, the Compliance Assessment Process and Procedures Task Group (CAPPTG), and the Joint SAFECOM-NCSWIC P25 User Needs Working Group (UNWG) release Project 25 Link Layer Encryption Informational Session 2024-04-25 CISA
- Secure by Design Turns 1! 2024-04-23 CISA
- Resilient Together with Priority Telecommunications Services (PTS) 2024-04-23 CISA
- NCSWIC Releases Roles and Responsibilities: Statewide Interoperability Coordinators Document 2024-04-19 CISA
- SAFECOM Publishes SAFECOM Governance Operating Processes and Procedures (March 2024 Update) 2024-04-19 CISA
- Resilient Together, Highlighting the Importance of Emergency Communications 2024-04-16 CISA
- Idaho’s Higher Ed Leaders Participate in CISA-Led Cybersecurity Exercise 2024-04-15 Higher education leaders from across Idaho gathered for a CISA-led cybersecurity exercise. CISA
- CISA Plays Important Role in Northwest Economic Summit 2024-04-15 Region 10 Protective Security Chief Allen Chung presented at the recent Asian American, Native Hawaiian, Pacific Islander (AANHPI) Economic Summit. CISA
CISA News
- CISA Releases Physical Security Checklist to Help Election Officials Secure Polling Locations 2024-04-22 CISA
- CISA Announces Winners of the 5th Annual President’s Cup Cybersecurity Competition 2024-04-19 CISA
- CISA, FBI, and ODNI Release Guidance for Securing Election Infrastructure Against the Tactics of Foreign Malign Influence Operations 2024-04-17 CISA
- CISA Directs Federal Agencies to Immediately Mitigate Significant Risk From Russian State-Sponsored Cyber Threat 2024-04-11 CISA
- CISA Announces Malware Next-Gen Analysis 2024-04-10 CISA
- CISA Publishes High-Risk Communities Webpage 2024-04-02 CISA
- April is Emergency Communications Month 2024-04-01 CISA
- CISA Marks Important Milestone in Addressing Cyber Incidents; Seeks Input on CIRCIA Notice of Proposed Rulemaking 2024-03-27 CISA
- CISA, DC HSEMA and Regional Partners Conduct Exercise to Ensure National Capital Region Water Service Resilience 2024-03-22 CISA
- CISA Publishes Repository for Software Attestation and Artifacts 2024-03-18 CISA
ICS Advisories
- Siemens RUGGEDCOM APE1808 Devices Configured with Palo Alto Networks Virtual NGFW 2024-04-25 As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity […] CISA
- Hitachi Energy MACH SCM 2024-04-25 View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.9 ATTENTION: Exploitable remotely Vendor: Hitachi Energy Equipment: MACH SCM Vulnerabilities: Improper Control of Generation of Code, Improper Neutralization of Directives in Dynamically Evaluated Code 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in execution of arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The […] CISA
- Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC 2024-04-25 View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Honeywell Equipment: Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC Vulnerabilities: Exposed Dangerous Method or Function, Absolute Path Traversal, Stack-based Buffer Overflow, Debug Messages Revealing Unnecessary Information, Out-of-bounds Write, Heap-based Buffer Overflow, Binding to an Unrestricted IP […] CISA
- Multiple Vulnerabilities in Hitachi Energy RTU500 Series 2024-04-25 View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 Series Vulnerabilities: Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's […] CISA
- Unitronics Vision Legacy series 2024-04-18 View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Unitronics Equipment: Vision Legacy series Vulnerability: Storing Passwords in a Recoverable Format 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to log in to the Remote HMI feature, where the PLC may be factory reset, stopped, and […] CISA
- Electrolink FM/DAB/TV Transmitter 2024-04-16 View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Electrolink Equipment: FM/DAB/TV Transmitter Vulnerabilities: Authentication Bypass by Assumed-Immutable Data, Reliance on Cookies without Validation and Integrity Checking, Missing Authentication for Critical Function, Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow […] CISA
- RoboDK RoboDK 2024-04-16 View CSAF 1. EXECUTIVE SUMMARY CVSS v3 3.3 ATTENTION: Low attack complexity Vendor: RoboDK Equipment: RoboDK Vulnerability: Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to crash the program through a heap-based buffer overflow. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of RoboDK, a robotics development software, […] CISA
- Measuresoft ScadaPro 2024-04-16 View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.8 ATTENTION: Low attack complexity Vendor: Measuresoft Equipment: ScadaPro Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate their privileges from unprivileged to SYSTEM privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ScadaPro, a supervisory control […] CISA
- Rockwell Automation ControlLogix and GuardLogix 2024-04-16 View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix 5580, GuardLogix 5580, CompactLogix 5380, 1756-EN4TR Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a major nonrecoverable fault (MNRF), resulting in the product becoming unavailable. 3. […] CISA
- Siemens RUGGEDCOM APE1808 before V11.0.1 2024-04-11 As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.1 ATTENTION: Exploitable remotely/low attack complexity […] CISA
ICS Medical Advisories
- Santesoft Sante FFT Imaging 2024-03-05 View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Santesoft Equipment: Sante FFT Imaging Vulnerability: Out-of-Bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to execute arbitrary code once a user opens a malicious DCM file on affected FFT Imaging installations. 3. TECHNICAL DETAILS 3.1 […] CISA
- MicroDicom DICOM Viewer 2024-02-29 View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: MicroDicom Equipment: DICOM Viewer Vulnerabilities: Heap-based Buffer Overflow, Out-of-Bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause memory corruption leading to execution of arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions […] CISA
- Santesoft Sante DICOM Viewer Pro 2024-02-27 View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Santesoft Equipment: Sante DICOM Viewer Pro Vulnerability: Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of the product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following […] CISA
- Orthanc Osimis DICOM Web Viewer 2024-01-23 View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Orthanc Equipment: Osimis Web Viewer Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code inside the victim's browser. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Osimis Web […] CISA
- BD FACSChorus 2023-11-28 View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Low attack complexity Vendor: Becton, Dickinson and Company (BD) Equipment: FACSChorus Vulnerabilities: Missing Protection Mechanism for Alternate Hardware Interface, Missing Authentication for Critical Function, Improper Authentication, Use of Hard-coded Credentials, Insecure Inherited Permissions 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker with […] CISA
- Santesoft Sante FFT Imaging 2023-10-11 View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Santesoft Equipment: Sante FFT Imaging Vulnerability: Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose information and execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Santesoft products are affected: Sante FFT Imaging: […] CISA
- Santesoft Sante DICOM Viewer Pro 2023-10-11 View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Santesoft Equipment: Sante DICOM Viewer Pro Vulnerabilities: Out-of-bounds Write, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information and execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Santesoft products are […] CISA
- Softneta MedDream PACS 2023-09-05 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Softneta Equipment: MedDream PACS Vulnerabilities: Exposed Dangerous Method or Function, Plaintext Storage of a Password 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to obtain and leak plaintext credentials or remotely execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED […] CISA
- BD Alaris System with Guardrails Suite MX (Update A) 2023-07-13 View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Low attack complexity Vendor: Becton, Dickinson and Company (BD) Equipment: Alaris PCU, Guardrails Editor, Systems Manager, Calculation Services, CQI Reporter Vulnerabilities: Insufficient Verification of Data Authenticity, Missing Authentication for Critical Function, Improper Verification of Cryptographic Signature, Missing Support for Integrity Check, Cross-site Scripting, Cleartext Transmission of […] CISA
- Medtronic Paceart Optima System 2023-06-29 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Medtronic Equipment: Paceart Optima System Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could result in remote code execution or a denial-of-service condition impacting a healthcare delivery organization’s Paceart Optima system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The […] CISA
Packet Storm
- The Not-So-Silent Type 2024-04-26 Whitepaper called The not-so-silent type - Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers.
- Ubuntu Security Notice USN-6754-1 2024-04-26 Ubuntu Security Notice 6754-1 - It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that nghttp2 incorrectly handled request cancellation. […]
- Ubuntu Security Notice USN-6753-1 2024-04-26 Ubuntu Security Notice 6753-1 - Thomas Neil James Shadwell discovered that CryptoJS was using an insecure cryptographic default configuration. A remote attacker could possibly use this issue to expose sensitive information.
- Debian Security Advisory 5674-1 2024-04-26 Debian Linux Security Advisory 5674-1 - It was discovered that PDNS Recursor, a resolving name server, was susceptible to denial of service if recursive forwarding is configured.
- Ubuntu Security Notice USN-6751-1 2024-04-26 Ubuntu Security Notice 6751-1 - It was discovered that Zabbix incorrectly handled input data in the discovery and graphs pages. A remote authenticated attacker could possibly use this issue to perform reflected cross-site scripting attacks.
- Ubuntu Security Notice USN-6752-1 2024-04-26 Ubuntu Security Notice 6752-1 - It was discovered that FreeRDP incorrectly handled certain memory operations. If a user were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to cause FreeRDP to crash, resulting in a denial of service.
- Red Hat Security Advisory 2024-2066-03 2024-04-26 Red Hat Security Advisory 2024-2066-03 - An update for buildah is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
- Red Hat Security Advisory 2024-2064-03 2024-04-26 Red Hat Security Advisory 2024-2064-03 - An update for buildah is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
- Red Hat Security Advisory 2024-2063-03 2024-04-26 Red Hat Security Advisory 2024-2063-03 - An update for yajl is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include buffer overflow, integer overflow, and memory leak vulnerabilities.
- Red Hat Security Advisory 2024-2062-03 2024-04-26 Red Hat Security Advisory 2024-2062-03 - An update is now available for Service Telemetry Framework 1.5.4 for RHEL 9. Issues addressed include a denial of service vulnerability.
- Red Hat Security Advisory 2024-1899-03 2024-04-26 Red Hat Security Advisory 2024-1899-03 - Red Hat OpenShift Container Platform release 4.12.56 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
- Red Hat Security Advisory 2024-1896-03 2024-04-26 Red Hat Security Advisory 2024-1896-03 - Red Hat OpenShift Container Platform release 4.12.56 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.
- Red Hat Security Advisory 2024-1892-03 2024-04-26 Red Hat Security Advisory 2024-1892-03 - Red Hat OpenShift Container Platform release 4.15.10 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
- Red Hat Security Advisory 2024-1887-03 2024-04-26 Red Hat Security Advisory 2024-1887-03 - Red Hat OpenShift Container Platform release 4.15.10 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
- Powerful Brokewell Android Trojan Allows Device Takeover 2024-04-26
- Over 1,400 CrushFTP Instances Vulnerable To Exploited 0-Day 2024-04-26
- Millions Of IPs Remain Infected By USB Worm Years After Its Creators Left It For Dead 2024-04-26
- 750 Million Vulnerable To Snooping From Chinese Keyboard Apps 2024-04-26
- Ubuntu Security Notice USN-6750-1 2024-04-25 Ubuntu Security Notice 6750-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Bartek Nowotarski discovered that […]
- Ubuntu Security Notice USN-6743-3 2024-04-25 Ubuntu Security Notice 6743-3 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
The Hacker News
- Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw 2024-04-27 Cybersecurity researchers have discovered a targeted operation against Ukraine that leverages a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on compromised systems. The attack chain, which took place at the end of 2023 according to Deep Instinct, employs a PowerPoint slideshow file ("signal-2023-12-20-160512.ppsx") as the starting point, with
- Bogus npm Packages Used to Trick Software Developers into Installing Malware 2024-04-27 An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. Cybersecurity firm Securonix is tracking the activity under the name DEV#POPPER, linking it to North Korean threat actors. "During these fraudulent interviews, the developers are often asked
- Severe Flaws Disclosed in Brocade SANnav SAN Management Software 2024-04-26 Several security vulnerabilities disclosed in the Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. The 18 flaws impact all versions up to and including 2.3.0, according to independent security researcher Pierre Barre, who discovered and reported them. The issues range from incorrect firewall rules,
- 10 Critical Endpoint Security Tips You Should Know 2024-04-26 In today's digital world, where connectivity rules all, endpoints serve as the gateway to a business’s digital kingdom. Because of this, endpoints are one of hackers' favorite targets. According to IDC, 70% of successful breaches start at the endpoint. Unprotected endpoints provide vulnerable entry points for launching devastating cyberattacks. With IT
- New 'Brokewell' Android Malware Spread Through Fake Browser Updates 2024-04-26 Fake browser updates are being used to push a previously undocumented Android malware called Brokewell. "Brokewell is a typical modern banking malware equipped with both data-stealing and remote-control capabilities built into the malware," Dutch security firm ThreatFabric said in an analysis published Thursday. The malware is said to be in active development,
- Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack 2024-04-26 Palo Alto Networks has shared remediation guidance for a recently disclosed critical security flaw impacting PAN-OS that has come under active exploitation. The vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), could be weaponized to obtain unauthenticated remote shell command execution on susceptible devices. It has been addressed in
- Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites 2024-04-26 Threat actors are actively attempting to exploit a critical security flaw in the ValvePress Automatic plugin for WordPress that could allow site takeovers. The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10. It impacts all versions of the plugin prior to 3.92.0. The issue has been resolved in version […]
- North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures 2024-04-25 The North Korea-linked threat actor known as Lazarus Group employed its time-tested fabricated job lures to deliver a new remote access trojan called Kaolin RAT as part of attacks targeting specific individuals in the Asia region in summer 2023. The malware could, "aside from standard RAT functionality, change the last write timestamp of a selected file and load […]
- Network Threats: A Step-by-Step Attack Demonstration 2024-04-25 Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multiple choke points in your defense strategy. Surprisingly, most network attacks are not exceptionally sophisticated, technologically advanced, or reliant on zero-day tools that exploit
- DOJ Arrests Founders of Crypto Mixer Samourai for $2 Billion in Illegal Transactions 2024-04-25 The U.S. Department of Justice (DoJ) on Wednesday announced the arrest of two co-founders of a cryptocurrency mixer called Samourai and seized the service for allegedly facilitating over $2 billion in illegal transactions and for laundering more than $100 million in criminal proceeds. To that end, Keonne Rodriguez, 35, and William Lonergan Hill, 65, have been charged
- Google Postpones Third-Party Cookie Deprecation Amid U.K. Regulatory Scrutiny 2024-04-25 Google has once again pushed back its plans to deprecate third-party tracking cookies in its Chrome web browser as it works to address outstanding competition concerns from U.K. regulators over its Privacy Sandbox initiative. The tech giant said it's working closely with the U.K. Competition and Markets Authority (CMA) and hopes to achieve an agreement by the end […]
- State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage 2024-04-25 A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments. Cisco Talos, which dubbed the activity ArcaneDoor, attributed it to a previously undocumented sophisticated state-sponsored actor it tracks under the name UAT4356 (aka Storm-1849 by Microsoft). "UAT4356
- U.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber Attacks 2024-04-24 The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Monday sanctioned two firms and four individuals for their involvement in malicious cyber activities on behalf of the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC) from at least 2016 to April 2021. This includes the front companies Mehrsam Andisheh Saz Nik (MASN) and Dadeh
- Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike 2024-04-24 Cybersecurity researchers have discovered an ongoing attack campaign that's leveraging phishing emails to deliver a malware called SSLoad. The campaign, codenamed FROZEN#SHADOW by Securonix, also involves the deployment of Cobalt Strike and the ConnectWise ScreenConnect remote desktop software. "SSLoad is designed to stealthily infiltrate systems, gather sensitive
- Major Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App Users 2024-04-24 Security vulnerabilities uncovered in cloud-based pinyin keyboard apps could be exploited to reveal users' keystrokes to nefarious actors. The findings come from the Citizen Lab, which discovered weaknesses in eight of nine apps from vendors like Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi. The only vendor whose keyboard app did not have any security
- CISO Perspectives on Complying with Cybersecurity Regulations 2024-04-24 Compliance requirements are meant to increase cybersecurity transparency and accountability. As cyber threats increase, so do the number of compliance frameworks and the specificity of the security controls, policies, and activities they include. For CISOs and their teams, that means compliance is a time-consuming, high-stakes process that demands strong organizational and
- eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners 2024-04-24 A new malware campaign has been exploiting the update mechanism of the eScan antivirus software to distribute backdoors and cryptocurrency miners like XMRig through a long-standing threat codenamed GuptiMiner targeting large corporate networks. Cybersecurity firm Avast said the activity is the work of a threat actor with possible connections to a North Korean hacking group dubbed
- CoralRaider Malware Campaign Exploits CDN Cache to Spread Info-Stealers 2024-04-24 A new ongoing malware campaign has been observed distributing three different stealers, CryptBot, LummaC2, and Rhadamanthys, hosted on Content Delivery Network (CDN) cache domains since at least February 2024. Cisco Talos has attributed the activity with moderate confidence to a threat actor tracked as CoralRaider, a suspected Vietnamese-origin
- Apache Cordova App Harness Targeted in Dependency Confusion Attack 2024-04-23 Researchers have identified a dependency confusion vulnerability impacting an archived Apache project called Cordova App Harness. Dependency confusion attacks take place because package managers check public repositories before private registries, allowing a threat actor to publish a malicious package with the same name to a public package repository. This
- Webinar: Learn Proactive Supply Chain Threat Hunting Techniques 2024-04-23 In the high-stakes world of cybersecurity, the battleground has shifted. Supply chain attacks have emerged as a potent threat, exploiting the intricate web of interconnected systems and third-party dependencies to breach even the most formidable defenses. But what if you could turn the tables and proactively hunt these threats before they wreak havoc? We invite […]
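The Cordova App Harness item above describes the mechanism behind dependency confusion: a package manager that consults the public registry before (or instead of) a private one will happily install an attacker's same-named package, usually published with a higher version so it wins resolution. The practical check is to look at where a lockfile actually resolved each internal package from, and to confirm that internal scopes are pinned to the private registry in .npmrc. The following is an added example written for this page, not code from The Hacker News, from the researchers cited, or from the Apache Cordova project. The lockfile and .npmrc fragments are constructed, and the package names (`@acme/...`, `acme-internal-*`) and registry host (`npm.acme.internal`) are assumptions standing in for an organization's real ones.

```python
"""Detect npm dependency confusion in a lockfile and check .npmrc scope pinning.

Added example. The lockfile below is constructed; names under @acme/ and
acme-internal-* and the host npm.acme.internal are assumed placeholders.
"""
import json
from urllib.parse import urlparse

PRIVATE_REGISTRY_HOST = "npm.acme.internal"             # assumption
INTERNAL_NAME_PREFIXES = ("@acme/", "acme-internal-")   # assumption

# Constructed package-lock.json (lockfileVersion 2/3 "packages" layout).
# acme-internal-utils was resolved from the public registry at an implausible
# version, the classic symptom of a confused install.
SAMPLE_LOCKFILE = json.dumps({
    "name": "app",
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"@acme/auth-client": "^1.0.0",
                              "acme-internal-utils": "^2.1.0",
                              "lodash": "^4.17.21"}},
        "node_modules/@acme/auth-client": {
            "version": "1.0.3",
            "resolved": "https://npm.acme.internal/@acme%2fauth-client/-/auth-client-1.0.3.tgz",
        },
        "node_modules/acme-internal-utils": {
            "version": "99.0.0",
            "resolved": "https://registry.npmjs.org/acme-internal-utils/-/acme-internal-utils-99.0.0.tgz",
        },
        "node_modules/lodash": {
            "version": "4.17.21",
            "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
        },
    },
})

# Constructed .npmrc that pins the @acme scope to the private registry.
SAMPLE_NPMRC = "registry=https://registry.npmjs.org/\n@acme:registry=https://npm.acme.internal/\n"


def package_name(lock_path: str) -> str:
    """Map a lockfile path such as 'node_modules/x/node_modules/@s/y' to '@s/y'."""
    return lock_path.rsplit("node_modules/", 1)[-1]


def is_internal(name: str) -> bool:
    return name.startswith(INTERNAL_NAME_PREFIXES)


def find_confused(lockfile_text: str):
    """Return (name, version, host) for internal packages not served by the private registry."""
    data = json.loads(lockfile_text)
    findings = []
    for lock_path, entry in data.get("packages", {}).items():
        if not lock_path:
            continue  # "" is the root project itself
        name = package_name(lock_path)
        if not is_internal(name):
            continue
        host = urlparse(entry.get("resolved", "")).hostname or "<no resolved URL>"
        if host != PRIVATE_REGISTRY_HOST:
            findings.append((name, entry.get("version"), host))
    return findings


def unpinned_scopes(npmrc_text: str, scopes=("@acme",)):
    """Return scopes that .npmrc does not route to the private registry."""
    pinned = {}
    for line in npmrc_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", ";")):
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        if key.endswith(":registry"):
            pinned[key[: -len(":registry")]] = value.strip()
    return [s for s in scopes
            if urlparse(pinned.get(s, "")).hostname != PRIVATE_REGISTRY_HOST]


if __name__ == "__main__":
    for name, version, host in find_confused(SAMPLE_LOCKFILE):
        print(f"CONFUSED: {name}@{version} resolved from {host}")
    for scope in unpinned_scopes(SAMPLE_NPMRC):
        print(f"UNPINNED: {scope} has no registry mapping to {PRIVATE_REGISTRY_HOST}")
```

Two caveats a practitioner should keep in mind. The scope check only helps for scoped names (`@acme/...`); an unscoped internal name such as `acme-internal-utils` cannot be routed by `.npmrc`, so the lasting fix is to move internal packages under a scope or to register the public name yourself. And `resolved` URLs are only as trustworthy as the lockfile: run the check in CI against the committed lockfile, not against one regenerated on the build host.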