Attack Feeds
A Dallas, Texas-based clinical research firm had its database exposed, containing sensitive personal healthcare records of over 1.6… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Gov/ISAC Feeds
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack … Read More “Siemens SiPass Integrated – All CISA Advisories” »
Gov/ISAC Feeds
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: ASPECT-Enterprise, NEXUS, and MATRIX series Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain access to devices without proper authentication. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ABB reports the … Read More “ABB ASPECT-Enterprise, NEXUS, and MATRIX Series – All CISA Advisories” »
Gov/ISAC Feeds
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.7 ATTENTION: Low attack complexity Vendor: Medixant Equipment: RadiAnt DICOM Viewer Vulnerability: Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a machine-in-the-middle attack (MITM), resulting in malicious updates being delivered to the user. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS … Read More “Medixant RadiAnt DICOM Viewer – All CISA Advisories” »
Gov/ISAC Feeds
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: FLXEON Controllers Vulnerabilities: Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’), Missing Origin Validation in WebSockets, Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow … Read More “ABB FLXEON Controllers – All CISA Advisories” »
Gov/ISAC Feeds
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rapid Response Monitoring Equipment: My Security Account App Vulnerability: Authorization Bypass Through User-Controlled Key 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attacker to access sensitive information of other users. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Rapid … Read More “Rapid Response Monitoring My Security Account App – All CISA Advisories” »
Gov/ISAC Feeds
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Elseta Equipment: Vinci Protocol Analyzer Vulnerability: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate privileges and perform code execution on the affected … Read More “Elseta Vinci Protocol Analyzer – All CISA Advisories” »
Privacy/Governance Feed
Mobile phishing attacks surged in 2024, with 16% of all incidents occurring in the US, according to a new Zimperium report – Read More –
Privacy/Governance Feed
A survey by IANS and Artico found significant regional variation in cybersecurity salary levels across North America – Read More –
Attack Feeds
Freelance software developers are the target of an ongoing campaign that leverages job interview-themed lures to deliver cross-platform malware families known as BeaverTail and InvisibleFerret. The activity, linked to North Korea, has been codenamed DeceptiveDevelopment, which overlaps with clusters tracked under the names Contagious Interview (aka CL-STA-0240), DEV#POPPER, Famous Chollima, – Read More – The … Read More “North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware – The Hacker News” »
Privacy/Governance Feed
Kela researchers 330 million compromised credentials to infostealer activity on over four million machines in 2024 – Read More –
Attack Feeds
FBI and CISA warn of Ghost ransomware, a China-based cyber threat targeting businesses, schools, and healthcare worldwide by exploiting software vulnerabilities. – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Privacy/Governance Feed
Palo Alto Networks has observed exploit attempts chaining three vulnerabilities in its PAN-OS firewall appliances – Read More –
Attack Feeds
A malware campaign distributing the XLoader malware has been observed using the DLL side-loading technique by making use of a legitimate application associated with the Eclipse Foundation. “The legitimate application used in the attack, jarsigner, is a file created during the installation of the IDE package distributed by the Eclipse Foundation,” the AhnLab SEcurity Intelligence … Read More “Cybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives – The Hacker News” »
Attack Feeds
A previously unknown threat activity cluster targeted European organizations, particularly those in the healthcare sector, to deploy PlugX and its successor, ShadowPad, with the intrusions ultimately leading to deployment of a ransomware called NailaoLocker in some cases. The campaign, codenamed Green Nailao by Orange Cyberdefense CERT, involved the exploitation of a new-patched security flaw – … Read More “Chinese-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware – The Hacker News” »
Attack Feeds
The payment card industry has set a critical deadline for businesses handling cardholder data or processing payments- by March 31, 2025, DMARC implementation will be mandatory! This requirement highlights the importance of preventative measures against email fraud, domain spoofing, and phishing in the financial space. This is not an optional requirement as non-compliance may result … Read More “PCI DSS 4.0 Mandates DMARC By 31st March 2025 – The Hacker News” »
Attack Feeds
For decades, Microsoft Exchange has been the backbone of business communications, powering emailing, scheduling and collaboration for organizations worldwide. Whether deployed on-premises or in hybrid environments, companies of all sizes rely on Exchange for seamless internal and external communication, often integrating it deeply with their workflows, compliance policies and security frameworks – Read More – … Read More “Microsoft’s End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now – The Hacker News” »
Privacy/Governance Feed
CISA and the FBI have released a joint advisory detailing the activity of China’s Ghost ransomware – Read More –
Attack Feeds
Microsoft has released security updates to address two Critical-rated flaws impacting Bing and Power Pages, including one that has come under active exploitation in the wild. The vulnerabilities are listed below – CVE-2025-21355 (CVSS score: 8.6) – Microsoft Bing Remote Code Execution Vulnerability CVE-2025-24989 (CVSS score: 8.2) – Microsoft Power Pages Elevation of Privilege Vulnerability … Read More “Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability – The Hacker News” »
Attack Feeds
Citrix has released security updates for a high-severity security flaw impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent that could lead to privilege escalation under certain conditions. The vulnerability, tracked as CVE-2024-12284, has been given a CVSS v4 score of 8.8 out of a maximum of 10.0 It has been described as a case … Read More “Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability – The Hacker News” »
Attack Feeds
Citrix has released security updates for a high-severity security flaw impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent that could lead to privilege escalation under certain conditions. The vulnerability, tracked as CVE-2024-12284, has been given a CVSS v4 score of 8.8 out of a maximum of 10.0 It has been described as a case … Read More “Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability – The Hacker News” »
Attack Feeds
Russian state threat groups have compromised Signal accounts used by Ukrainian military and government personnel to eavesdrop on real-time communications, Google Threat Intelligence Group said in a report released Wednesday. “This is a persistent, ongoing campaign being carried out by multiple different Russia-aligned threat actors,” Dan Black, principal analyst at Google Threat Intelligence Group, said … Read More “Russia-aligned threat groups dupe Ukrainian targets via Signal – CyberScoop” »
Attack Feeds
Federal agencies need help from stakeholders outside of government to solve some of the harder technical barriers in setting up zero-trust architecture in their networks, the Department of Energy’s chief information security officer said Wednesday. Speaking at CyberScoop’s Zero Trust Summit in Washington D.C., Paul Selby urged technology manufacturers and experts to work with federal … Read More “Energy CISO: Agencies can’t implement zero trust alone – CyberScoop” »
Attack Feeds
One of the most notable elements of the monumental hack of major telecommunications companies is just how “indiscriminate” it was in its pursuit of data, a top FBI official said Wednesday. The FBI has been investigating the breach, which it has blamed on Chinese government hackers commonly known as Salt Typhoon. “What we found particularly … Read More “Salt Typhoon telecom breach remarkable for its ‘indiscriminate’ targeting, FBI official says – CyberScoop” »
Attack Feeds
Multiple Russia-aligned threat actors have been observed targeting individuals of interest via the privacy-focused messaging app Signal to gain unauthorized access to their accounts. “The most novel and widely used technique underpinning Russian-aligned attempts to compromise Signal accounts is the abuse of the app’s legitimate ‘linked devices’ feature that enables Signal to be used on … Read More “Hackers Exploit Signal’s Linked Devices Feature to Hijack Accounts via Malicious QR Codes – The Hacker News” »
Attack Feeds
Is your Signal, WhatsApp, or Telegram account safe? Google warns of increasing attacks by Russian state-backed groups. Learn… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Gov/ISAC Feeds
Summary Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see … Read More “#StopRansomware: Ghost (Cring) Ransomware – CISA Cybersecurity Advisories” »
Gov/ISAC Feeds
Join the Industrial Control System Community of Interest (ICS COI), and help build CNI expertise across the UK. – Read More – NCSC Feed
Privacy/Governance Feed
A flaw in the Jupiter X Core plugin has been identified, allowing upload of malicious SVG files and remote code execution on vulnerable servers – Read More –
Attack Feeds
Cary, North Carolina, 19th February 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Privacy/Governance Feed
Finastra notifies customers of data breach that took place more than three months ago, impacting sensitive financial information – Read More –
Gov/ISAC Feeds
Assessing the cyber security threat to UK Universities – Read More – NCSC Feed
Gov/ISAC Feeds
Assessing the cyber security threat to UK organisations using Enterprise Connected Devices. – Read More – NCSC Feed
Gov/ISAC Feeds
The NCSC has published a new RFC on Indicators of Compromise to support cyber security in protocol design – and hopes to encourage more cyber defenders to engage with international standards. – Read More – NCSC Feed
Gov/ISAC Feeds
A structured look at what data to collect for security purposes and when to collect it. – Read More – NCSC Feed
Gov/ISAC Feeds
Focused on automating UEFI firmware updates on Windows devices. – Read More – NCSC Feed
Gov/ISAC Feeds
How charities can erase personal data from donated laptops, phones and tablets, before passing them on. – Read More – NCSC Feed
Gov/ISAC Feeds
Some tips on good diagram drafting and pitfalls to avoid when trying to understand a system in order to secure it. – Read More – NCSC Feed
Gov/ISAC Feeds
Worked examples for Operational Technology and Virtualised systems, using the NCSC’s secure design principles – Read More – NCSC Feed
Privacy/Governance Feed
Australia-based Genea said it is investigating the cyber incident to determine whether any personal data was accessed by an unauthorized third party – Read More –
Gov/ISAC Feeds
Implementing asset management for good cyber security. – Read More – NCSC Feed
Gov/ISAC Feeds
A new visual guide to the cyber security principles that are essential when developing and managing ‘smart cities’. – Read More – NCSC Feed
Gov/ISAC Feeds
This guidance describes a set of technical security outcomes that are considered to represent appropriate measures under the GDPR. – Read More – NCSC Feed
Gov/ISAC Feeds
The following tips can help organisations create their own cyber incident response exercises. – Read More – NCSC Feed
Gov/ISAC Feeds
Guidance for organisations that use, own, or operate an online service who are looking to start securing it. – Read More – NCSC Feed
Attack Feeds
The education sector is changing quickly as it adopts digital tools for better learning experiences. These days, learning… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Attack Feeds
The advancement of technology has also impacted sectors like gaming. Blockchain technology has surfaced as an asset that… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Privacy/Governance Feed
The head of the Australian Security Intelligence Organisation gave his Annual Threat Assessment for the year ahead – Read More –
Gov/ISAC Feeds
How to implement a secure end-to-end data export solution – Read More – NCSC Feed
Gov/ISAC Feeds
How to implement a secure end-to-end data export solution – Read More – NCSC Feed