Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following
Continue ReadingCategory: Dynamic Threat Feeds
Microsoft Patch Tuesday – October 2024, (Tue, Oct 8th)
Microsoft today released patches for 117 vulnerabilities. Three additional vulnerabilities apply to Chromium/Edge. Another three vulnerabilities are rated critical. Five of the vulnerabilities were disclosed before today. Two vulnerabilities were not only disclosed but also exploited,
Continue ReadingCISA and FBI Release Fact Sheet on Protecting Against Iranian Targeting of Accounts Associated with National Political Organizations
Today, CISA and the Federal Bureau of Investigation (FBI) released joint fact sheet, How to Protect Against Iranian Targeting of Accounts Associated with National Political Organizations. This fact sheet provides information about threat actors affiliated with
Continue ReadingCISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-43047 Qualcomm Multiple Chipsets Use-After-Free Vulnerability CVE-2024-43572 Microsoft Windows Management Console Remote Code Execution Vulnerability CVE-2024-43573 Microsoft Windows MSHTML
Continue ReadingAvoid Scams After Disaster Strikes
As hurricanes and other natural disasters occur, CISA urges individuals to remain on alert for potential malicious cyber activity. Fraudulent emails and social media messages—often containing malicious links or attachments—are common after major natural disasters. Exercise
Continue ReadingISC Stormcast For Tuesday, October 8th, 2024 https://isc.sans.edu/podcastdetail/9170, (Tue, Oct 8th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingmacOS Sequoia: System/Network Admins, Hold On!, (Mon, Oct 7th)
It's always tempting to install the latest releases of your preferred software and operating systems. After all, that's the message we pass to our beloved users: "Patch, patch, and patch again!". Last week, I was teaching
Continue ReadingISC Stormcast For Monday, October 7th, 2024 https://isc.sans.edu/podcastdetail/9168, (Mon, Oct 7th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingWhy You Won’t Want to Miss D.C. Predict 2024
Ransomware attacks are surging, geopolitical conflicts are spilling into cyberspace, and thanks to AI the threat landscape is evolving faster than ever. Security teams are stretched thin, trying to stay ahead of adversaries while justifying budgets
Continue ReadingSurvey of CUPS exploit attempts, (Fri, Oct 4th)
It is about a week since the release of the four CUPS remote code execution vulnerabilities. After the vulnerabilities became known, I configured one of our honeypots that watches a larger set of IPs to specifically
Continue Reading