Our news

  • Cyber Threats and the U.S. Election

    As the presidential race is ending, cybercrime revolving around the election is at an all-time high. The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint public service announcement (PSA) cautioning the widespread disinformation being spread by threat actors ahead of the U.S. general election. The announcement focused

    READ MORE

  • Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments

    CISA has received multiple reports of a large-scale spear-phishing campaign targeting organizations in several sectors, including government and information technology (IT). The foreign threat actor, often posing as a trusted entity, is sending spear-phishing emails containing malicious remote desktop protocol (RDP) files to targeted organizations to connect to and access files stored on the target’s

    READ MORE

  • Fortinet Updates Guidance and Indicators of Compromise following FortiManager Vulnerability Exploitation

    Fortinet has updated their security advisory addressing a critical FortiManager vulnerability (CVE-2024-47575) to include additional workarounds and indicators of compromise (IOCs). A remote, unauthenticated cyber threat actor could exploit this vulnerability to gain access to sensitive files or take control of an affected system. At this time, all patches have been released. CISA previously added this

    READ MORE

  • JCDC’s Industry-Government Collaboration Speeds Mitigation of CrowdStrike IT Outage

    CISA, through the Joint Cyber Defense Collaborative (JCDC), enabled swift, coordinated response and information sharing in the wake of a significant IT outage caused by a CrowdStrike software update. This outage, which impacted government, critical infrastructure, and industry across the globe, led to disruptions in essential services, including air travel, healthcare, and financial operations. Leveraging

    READ MORE

  • Deepfake Frights: Unmasking the Shadows of Digital Deception

    October. The month the night grows longer, and spooky whispers fill the air. Your neighbor is masquerading as a world-renowned singer and her husband is living out his football superstar fantasies. October is a spectacle, and maybe it’s time to slip into your costume. Unfortunately, you are not the only one in disguise. In fact,

    READ MORE

  • Vulnerability Summary for the Week of October 21, 2024

    High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info Admin–Verbalize WP  Unrestricted Upload of File with Dangerous Type vulnerability in Admin Verbalize WP Upload a Web Shell to a Web Server.This issue affects Verbalize WP: from n/a through 1.0. 2024-10-23 10 CVE-2024-49668 audit@patchstack.com  advancedcoding–Comments wpDiscuz  The Comments – wpDiscuz plugin for

    READ MORE

  • Cisco Releases Security Bundle for Cisco ASA, FMC, and FTD Software

    Cisco released its October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication to address vulnerabilities in Cisco ASA, FMC, and FTD. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.    CISA encourages users and administrators to review the following advisory and apply the

    READ MORE

  • Vulnerability Summary for the Week of October 14, 2024

    High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info Acespritech Solutions Pvt. Ltd.–Social Link Groups  Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Acespritech Solutions Pvt. Ltd. Social Link Groups allows Blind SQL Injection.This issue affects Social Link Groups: from n/a through 1.1.0. 2024-10-20 8.5

    READ MORE

  • Oracle Releases Quarterly Critical Patch Update Advisory for October 2024

    Oracle released its quarterly Critical Patch Update Advisory for October 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following Oracle Critical Patch Update Advisory and apply the necessary updates:  Oracle Critical

    READ MORE

  • Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations

    Summary The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Communications Security Establishment Canada (CSE), the Australian Federal Police (AFP), and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) are releasing this joint Cybersecurity Advisory to warn network defenders of Iranian cyber actors’ use

    READ MORE