(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingMonth: July 2024
Cisco Releases Security Updates for Multiple Products
Cisco released security updates to address vulnerabilities in Cisco software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following
Continue ReadingIvanti Releases Security Updates for Endpoint Manager
Ivanti released security updates to address vulnerabilities in Ivanti Endpoint Manager (EPM) and Ivanti Endpoint Manager for Mobile (EPMM). A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
Continue ReadingOracle Releases Critical Patch Update Advisory for July 2024
Oracle released its quarterly Critical Patch Update Advisory for July 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages
Continue ReadingDespite Sanctions, North Koreans Continue to Use Foreign Technology
Summary:Insikt Group's recent analysis reveals that North Koreans continue to use foreign technology to access the internet despite heavy sanctions. This includes Apple, Samsung, and Huawei devices, as well as various social media platforms. A notable
Continue ReadingSecurity Challenges Rise as QR Code and AI-Generated Phishing Proliferate
SummaryBetween Q4 2023 and Q1 2024, cybercriminals increasingly used QR codes and AI-generated phishing tactics to target executives, exploiting AWS SNS for malicious SMS and VAST tags for malvertising. These sophisticated methods enable threat actors to
Continue ReadingCISA Releases Three Industrial Control Systems Advisories
CISA released three Industrial Control Systems (ICS) advisories on July 18, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-200-01 Mitsubishi Electric MELSOFT MaiLab ICSA-24-200-02 Subnet Solutions PowerSYSTEM Center
Continue ReadingMitsubishi Electric MELSOFT MaiLab
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Corporation Equipment: MELSOFT MaiLab Vulnerability: Improper Verification of Cryptographic Signature 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote
Continue ReadingPhilips Vue PACS
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Philips Equipment: Vue PACS Vulnerabilities: Out-of-bounds Write, Deserialization of Untrusted Data, Uncontrolled Resource Consumption, Improper Privilege Management, Use of Default Credentials, Weak
Continue ReadingSubnet Solutions PowerSYSTEM Center
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Subnet Solutions Inc. Equipment: Subnet PowerSYSTEM Center Vulnerability: Prototype Pollution 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated
Continue Reading