Our news

  • The Road Map to Illinois Being a Centralizing Force in Cyber Security

    Illinois is known as the transportation hub of the United States, utilizing Chicago and its geographical center in America.  In 2019, The State of Illinois did a major push through the budget to fund large investments into data centers around northern Illinois. The state’s investment in its infrastructure, bolstered by House Bill 3293 (HB 3293),

    READ MORE

  • Session Hijacking

    There are many different types of session hijacking, including session fixation, man-in-the-middle attacks, and active session hijacking. In active session hijacking, an attacker takes over a live session by stealing the session ID while the victim is already logged in. This can be done through methods such as network sniffing or cross-site scripting. The goal

    READ MORE

  • When AI Imitates the Voice of Someone You Trust

    Imagine getting a call from someone who sounds exactly like your wife, boss, or grandson. They are in trouble and need your help. But here’s the trick: it’s not them. It is artificial intelligence (AI). According to the Identity Theft Resource Center (ITRC), the number of AI-based frauds has increased by 148 percent this year.

    READ MORE

  • Caller ID Spoofing

    There are many different types of spoofing, from email spoofing to caller spoofing. The purpose behind spoofing is to deceive a system or person by impersonating a trusted source. The goal could be a variety of things, such as, gain unauthorized access, stealing information, bypass security controls, deliver malware, perform fraud and more. Description: Caller

    READ MORE

  • Vulnerability Summary for the Week of August 11, 2025

    High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1000 Projects–Sales Management System A vulnerability was determined in 1000 Projects Sales Management System 1.0. This vulnerability affects unknown code of the file /superstore/admin/sales.php. The manipulation of the argument ssalescat leads to sql injection. The attack can be initiated remotely. The exploit has been

    READ MORE

  • CISA Releases Thirty-Two Industrial Control Systems Advisories

    CISA released thirty-two Industrial Control Systems (ICS) advisories on August 14, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-226-01 Siemens SIMATIC RTLS Locating Manager ICSA-25-226-02 Siemens COMOS ICSA-25-226-03 Siemens Engineering Platforms ICSA-25-226-04 Siemens Simcenter Femap ICSA-25-226-05 Siemens Wibu CodeMeter Runtime ICSA-25-226-06 Siemens Opcenter Quality ICSA-25-226-07 Siemens Third-Party Components in SINEC OS ICSA-25-226-08 Siemens RUGGEDCOM CROSSBOW

    READ MORE

  • CISA and Partners Release Asset Inventory Guidance for Operational Technology Owners and Operators

    CISA, along with the National Security Agency, the Federal Bureau of Investigation, Environmental Protection Agency, and several international partners, released comprehensive guidance to help operational technology (OT) owners and operators across all critical infrastructure sectors create and maintain OT asset inventories and supplemental taxonomies.  An asset inventory is a regularly updated, structured list of an

    READ MORE

  • Vulnerability Summary for the Week of August 4, 2025

    High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Adobe–Adobe Experience Manager Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user

    READ MORE

  • CISA Issues ED 25-02: Mitigate Microsoft Exchange Vulnerability

    Today, CISA issued Emergency Directive (ED) 25-02: Mitigate Microsoft Exchange Vulnerability in response to CVE-2025-53786, a vulnerability in Microsoft Exchange server hybrid deployments.   ED 25-02 directs all Federal Civilian Executive Branch (FCEB) agencies with Microsoft Exchange hybrid environments to implement required mitigations by 9:00 AM EDT on Monday, August 11, 2025.  This vulnerability presents

    READ MORE

  • Microsoft Releases Guidance on High-Severity Vulnerability (CVE-2025-53786) in Hybrid Exchange Deployments

    Note: This Alert may be updated to reflect new guidance issued by CISA or other parties.  CISA is aware of the newly disclosed high-severity vulnerability, CVE-2025-53786, that allows a cyber threat actor with administrative access to an on-premise Microsoft Exchange server to escalate privileges by exploiting vulnerable hybrid-joined configurations. This vulnerability, if not addressed, could impact

    READ MORE