(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Category: Dynamic Threat Feeds
Cleo MFT: CVE-2024-50623
What is CVE-2024-50623? CVE-2024-50623 is a critical unrestricted file upload and download vulnerability that could lead to remote code execution (RCE). What are the affected products? The vulnerability affects Cleo's managed file transfer (MFT) products Harmony, VLTrader, and LexiCom
Geolocation and Starlink, (Tue, Jan 21st)
Until now, satellite internet access has been more of a niche solution for internet access. But with the wide availability of Starlink, this is changing. Starlink's performance and price are competitive for many rural users to
Securing Cryptocurrency Organizations
Written by: Joshua Goddard
The Rise of Crypto Heists and the Challenges in Preventing Them
Cryptocurrency crime encompasses a wide range of illegal activities, from theft and hacking to fraud, money laundering, and even terrorist financing,
Traffic Alert and Collision Avoidance System (TCAS) II
1. EXECUTIVE SUMMARY
CVSS v4 7.1
ATTENTION: Exploitable from adjacent network
Standard: Traffic Alert and Collision Avoidance System (TCAS) II
Equipment: Collision Avoidance Systems
Vulnerabilities: Reliance on Untrusted Inputs in a Security Decision, External
Siemens SIMATIC S7-1200 CPUs
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories
ZF Roll Stability Support Plus (RSSPlus)
1. EXECUTIVE SUMMARY
CVSS v4 5.9
ATTENTION: Exploitable from an adjacent network/low attack complexity
Vendor: ZF
Equipment: RSSPlus
Vulnerability: Authentication Bypass By Primary Weakness
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow
CISA Releases Three Industrial Control Systems Advisories
CISA released three Industrial Control Systems (ICS) advisories on January 21, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
ICSA-25-021-01 Traffic Alert and Collision Avoidance System (TCAS) II
ICSA-25-021-02
Annual Payment Fraud Intelligence Report: 2024
Summary: The 2024 Payment Fraud Intelligence Report from Recorded Future highlights a year of significant evolution in the fraud landscape, setting the stage for challenges in 2025. Key findings include a surge in stolen card data, with
ISC Stormcast For Tuesday, January 21st, 2025 https://isc.sans.edu/podcastdetail/9288, (Tue, Jan 21st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.