Editor's note: The following blog post originally appeared on Levi Gundert's Substack page.Gartner estimates that 5% of large enterprises currently maintain cyber-fraud fusion centers, which is expected to jump to 20% by 2028. Fusion sounds high
Continue ReadingBlog
Microsoft Releases December 2024 Security Updates
Microsoft released security updates to address vulnerabilities in multiple Microsoft products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the
Continue ReadingMicrosoft Patch Tuesday: December 2024, (Tue, Dec 10th)
Microsoft today released patches for 71 vulnerabilities. 16 of these vulnerabilities are considered critical. One vulnerability (CVE-2024-49138) has already been exploited, and details were made public before today's patch release. Significant Vulnerabilities CVE-2024-49138: This vulnerability affects
Continue ReadingAdobe Releases Security Updates for Multiple Products
Adobe released security updates to address vulnerabilities in multiple Adobe software products including Adobe Acrobat, Adobe Illustrator, and Adobe InDesign. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected
Continue ReadingOperational Disruption, Legal Risk, and Churn From Lost Consumer Trust Drive
Recorded Futures Insikt Group identified a 76% increase in publicly reported data breaches from 2022 to 2023. While 2024 data is not yet complete, Recorded Future data on validated data breaches project a further 5% increase
Continue ReadingCISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-49138 Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability These types of vulnerabilities are frequent
Continue ReadingSchneider Electric FoxRTU Station
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: FoxRTU Station Vulnerability: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 2. RISK EVALUATION Successful exploitation of
Continue ReadingNational Instruments LabVIEW
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: National Instruments Equipment: LabVIEW Vulnerabilities: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information or
Continue ReadingSchneider Electric EcoStruxure Foxboro DCS Core Control Services
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: EcoStruxure Foxboro DCS Core Control Services Vulnerabilities: Out-of-bounds Write, Improper Validation of Array Index, Improper Input Validation 2. RISK EVALUATION
Continue ReadingCISA Releases Seven Industrial Control Systems Advisories
CISA released seven Industrial Control Systems (ICS) advisories on December 10, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-345-01 MOBATIME Network Master Clock ICSA-24-345-02 Schneider Electric EcoStruxure Foxboro
Continue Reading