Our news

  • CISA and FBI Release Secure by Design Alert on Eliminating OS Command Injection Vulnerabilities

    Today, CISA and FBI are releasing their newest Secure by Design Alert in the series, Eliminating OS Command Injection Vulnerabilities, in response to recent well-publicized threat actor campaigns that exploited OS command injection defects in network edge devices (CVE-2024-20399, CVE-2024-3400, CVE-2024-21887) to target and compromise users. These vulnerabilities allowed unauthenticated malicious actors to remotely execute code on network…

    READ MORE

  • Microsoft Releases July 2024 Security Updates

    Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.   CISA encourages users and administrators to review the following and apply necessary updates:     Microsoft Security Update Guide for July

    READ MORE

  • Citrix Releases Security Updates for Multiple Products

    Citrix released security updates to address vulnerabilities in multiple Citrix products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.   CISA encourages users and administrators to review the following and apply necessary updates:   NetScaler ADC and NetScaler Gateway Security Update for CVE-2024-5491 and CVE-2024-5492 NetScaler…

    READ MORE

  • CISA and Partners join ASD’S ACSC to Release Advisory on PRC State-Sponsored Group, APT 40

    CISA has collaborated with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) to release an advisory, People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action outlining a PRC state-sponsored cyber group’s activity. The following organizations also collaborated with ASD’s ACSC on the guidance: The National Security Agency (NSA); The…

    READ MORE

  • People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action

    Overview Background This advisory, authored by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the United States Cybersecurity and Infrastructure Security Agency (CISA), the United States National Security Agency (NSA), the United States Federal Bureau of Investigation (FBI), the United Kingdom National Cyber Security Centre (NCSC-UK), the Canadian Centre for Cyber Security (CCCS),…

    READ MORE

  • OpenAI and Apple’s Foray into Artificial Intelligence: New Products and Innovations

    Artificial intelligence (AI) is driving industry, innovation and human interaction in extraordinary ways – and some of the leading organizations driving this revolution are OpenAI and Apple. Yet, the two companies have made significant strides in developing AI, and there are major disparities between the two companies’ AI developments and what they are ultimately focused…

    READ MORE

  • Vulnerability Summary for the Week of July 1, 2024

    High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info 2code — wpqa_builder  The WPQA Builder WordPress plugin before 6.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks 2024-07-03 8.8 CVE-2024-2376contact@wpscan.com ABB–ASPECT Enterprise (ASP-ENT-x)  Default credential in…

    READ MORE

  • DISGOMOJI: Not A Dance Move 

    A sophisticated malware targeting Linux servers with emojis as the form of execution, DISGOMOJI has emerged attributed to none other than the threat actor UTA0137. Utilized as part of a cyber-espionage campaign by the Pakistan-based actor, follow along as we dive into what exactly emojis have to do with Linux servers and how these state…

    READ MORE

  • Vulnerability Summary for the Week of June 24, 2024

    High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info access_management_specialist_project — access_management_specialist  An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive information. 2024-06-24 7.5 CVE-2024-37677cve@mitre.org aimeos–ai-client-html  ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from…

    READ MORE

  • Progress Software Releases Security Bulletin for MOVEit Transfer

    Progress Software released a security bulletin to address a vulnerability in MOVEit Transfer. A cyber threat actor could exploit this vulnerability to take control of an affected system. Users and administrators are encouraged to review the following bulletin and apply the necessary updates: MOVEit Transfer Critical Security Alert Bulletin – June 2024 – (CVE-2024-5806)

    READ MORE