Written by: Thibault Van Geluwe de Berlaere Executive Summary Browser isolation is a security technology where web browsing activity is separated from the user's local device by running the browser in a secure environment, such as
Continue ReadingCategory: Dynamic Threat Feeds
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-51378 CyberPanel Incorrect Default Permissions Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and
Continue ReadingISC Stormcast For Wednesday, December 4th, 2024 https://isc.sans.edu/podcastdetail/9240, (Wed, Dec 4th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingData Analysis: The Unsung Hero of Cybersecurity Expertise [Guest Diary], (Wed, Dec 4th)
[This is a Guest Diary by Robert Cao, an ISC intern as part of the SANS.edu BACS program] As a cybersecurity professional, I've always prided myself on my technical skills—understanding protocols, setting up secure systems, and
Continue Reading2024 State of Threat Intelligence Infographic
Every year, enterprise organizations invest tens to hundreds of thousands of dollars in threat intelligence to identify and mitigate major risks to the business. Their data reputation and revenue are worth millions or even billions of
Continue ReadingCISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-45727 North Grid Proself Improper Restriction of XML External Entity (XEE) Reference Vulnerability CVE-2024-11680 ProjectSend Improper Authentication Vulnerability CVE-2024-11667 Zyxel Multiple Firewalls
Continue ReadingCISA and Partners Release Joint Guidance on PRC-Affiliated Threat Actor Compromising Networks of Global Telecommunications Providers
Today, CISA—in partnership with the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and international partners—released joint guidance, Enhanced Visibility and Hardening Guidance for Communications Infrastructure. Partners of this guidance include: Australian Signals Directorate’s
Continue ReadingFuji Electric Monitouch V-SFT
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Monitouch V-SFT Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device being accessed. 3.
Continue ReadingCISA Releases Eight Industrial Control Systems Advisories
CISA released eight Industrial Control Systems (ICS) advisories on December 3, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-338-01 Ruijie Reyee OS ICSA-24-338-02 Siemens RUGGEDCOM APE1808 ICSA-24-338-03 Open
Continue ReadingOpen Automation Software
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Open Automation Software Equipment: Open Automation Software Vulnerability: Incorrect Execution-Assigned Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an
Continue Reading