Apple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the
Continue ReadingMonth: October 2024
CISA Releases Three Industrial Control Systems Advisories
CISA released three Industrial Control Systems (ICS) advisories on October 29, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-303-01 Siemens InterMesh Subscriber Devices ICSA-24-303-02 Solar-Log Base 15 ICSA-24-303-03
Continue ReadingSiemens InterMesh Subscriber Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories
Continue ReadingDelta Electronics InfraSuite Device Master
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: InfraSuite Device Master Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an
Continue ReadingSolar-Log Base 15
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Solar-Log Equipment: Base 15 Vulnerability: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 2. RISK EVALUATION Successful
Continue ReadingISC Stormcast For Tuesday, October 29th, 2024 https://isc.sans.edu/podcastdetail/9200, (Tue, Oct 29th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingApple Updates Everything, (Mon, Oct 28th)
Today, Apple released updates for all of its operating systems. These updates include new AI features. For iOS 18 users, the only upgrade path is iOS 18.1, which includes the AI features. Same for users of
Continue ReadingCybersecurity Awareness Month: Gamifying Cybersecurity Training
At Recorded Future, we believe cybersecurity training should be engaging and effective. That's why we incorporate gamification into our annual and quarterly tabletop exercises. We ensure our employees are prepared to handle real-world security threats by
Continue ReadingHybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives
In September 2024, Google Threat Intelligence Group (consisting of Google’s Threat Analysis Group (TAG) and Mandiant) discovered UNC5812, a suspected Russian hybrid espionage and influence operation, delivering Windows and Android malware using a Telegram persona named
Continue ReadingSelf-contained HTML phishing attachment using Telegram to exfiltrate stolen credentials, (Mon, Oct 28th)
Phishing authors have long ago discovered that adding HTML attachments to the messages they send out can have significant benefits for them – especially since an HTML file can contain an entire credential-stealing web page and
Continue Reading