Our news
-
CISA Releases Guidance on Credential Risks Associated with Potential Legacy Oracle Cloud Compromise
CISA is aware of public reporting regarding potential unauthorized access to a legacy Oracle cloud environment. While the scope and impact remains unconfirmed, the nature of the reported activity presents potential risk to organizations and individuals, particularly where credential material may be exposed, reused across separate, unaffiliated systems, or embedded (i.e., hardcoded into scripts, applications,…
-
Beware of the Tax Trap
It’s that time of year again, tax season, and if you are anything like me and most of my friends who keep saying “I need to file my taxes” all the way until April 14th, you know that day is here. Don’t worry, millions of Americans are scrambling to file their 2024 returns before tomorrow’s…
-
A Seismic Shift in Cryptography and Cybersecurity
The field of cybersecurity is staring down the barrel of a fundamental shift in how we look at security and encryption, and quantum computers are holding the business end of this particular boom stick. A computer’s thought process will run in the binary code known as bits, where 1s and 0s are processed in order.…
-
Vulnerability Summary for the Week of April 7, 2025
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info n/a — n/a A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected devices contain hardcoded credentials for remote access to the device operating system with root privileges. This could allow unauthenticated remote attackers to gain full access to…
-
Fortinet Releases Advisory on New Post-Exploitation Technique for Known Vulnerabilities
Fortinet is aware of a threat actor creating a malicious file from previously exploited Fortinet RCE vulnerabilities within FortiOS and FortiGate products. This malicious file could enable read-only access to files on the devices’ file system, which may include configurations. See the following resource for more information: Analysis of Threat Actor Activity | Fortinet Blog…
-
Future Advancements Call for Future Defenses Today
The days of “Password12345” have been long gone, but what about something more complex? Most websites, and applications require that your password contain a certain complexity such as a special character, a minimum length, and a number i.e. “Pa$&w0rd12345islong!”. However, we have all done it before; you forget your password to an account, or maybe…
-
Vulnerability Summary for the Week of March 31, 2025
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Aboobacker.–AB Google Map Travel Cross-Site Request Forgery (CSRF) vulnerability in Aboobacker. AB Google Map Travel allows Cross Site Request Forgery. This issue affects AB Google Map Travel : from n/a through 4.6. 2025-03-31 7.1 CVE-2025-31613 acme.sh project–acme.sh The Docker image from acme.sh before 40b6db6…
-
Ivanti Releases Security Updates for Connect Secure, Policy Secure & ZTA Gateways Vulnerability (CVE-2025-22457)
Ivanti released security updates to address vulnerabilities (CVE-2025-22457) in Ivanti Connect Secure, Policy Secure & ZTA Gateways. A cyber threat actor could exploit CVE-2025-22457 to take control of an affected system. CISA has added CVE-2025-22457 to its Known Exploited Vulnerabilities Catalog. See the following resources for more guidance: April Security Update | Ivanti April Security Advisory Ivanti…
-
NSA, CISA, FBI, and International Partners Release Cybersecurity Advisory on “Fast Flux,” a National Security Threat
Today, CISA—in partnership with the National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), Canadian Centre for Cyber Security (CCCS), and New Zealand’s National Cyber Security Centre (NCSC-NZ)—released joint Cybersecurity Advisory Fast Flux: A National Security Threat (PDF, 841 KB). This advisory warns organizations, internet service…
-
Fast Flux: A National Security Threat
Executive summary Many networks have a gap in their defenses for detecting and blocking a malicious technique known as “fast flux.” This technique poses a significant threat to national security, enabling malicious cyber actors to consistently evade detection. Malicious cyber actors, including cybercriminals and nation-state actors, use fast flux to obfuscate the locations of malicious…