Our news

  • Vulnerability Summary for the Week of January 13, 2025

    High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1000 Projects–Campaign Management System Platform for Women  A vulnerability was found in 1000 Projects Campaign Management System Platform for Women 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /Code/sc_login.php. The manipulation of the argument…

    READ MORE

  • History, Current Uses, and Future of Artificial Intelligence

    Artificial Intelligence was theorized in 1956 by John Mcarthy. He got many of the core concepts right, but he was around seven decades off. Martin Bellman invented this equation in 1959. We do not need to dive into the nuances of this equation, but know that this equation started the first phase of AI. This…

    READ MORE

  • Beware of the Toll Lane Fee Text Scam

    In an increasingly digital world, scams are becoming more sophisticated and challenging to identify. From Postal Service smishing attacks to IT helpdesk vishing attacks, it has been nearly impossible to keep track of what is real and what is indeed falsified. As the start of the year unfolds, threat actors have rotated slightly to target…

    READ MORE

  • CISA and FBI Release Advisory on How Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications

    CISA, in partnership with the Federal Bureau of Investigation (FBI), released Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications. This advisory was crafted in response to active exploitation of vulnerabilities—CVE-2024-8963, an administrative bypass vulnerability; CVE-2024-9379, a SQL injection vulnerability; and CVE-2024-8190 and CVE-2024-9380, remote code execution vulnerabilities—in Ivanti Cloud Service Appliances (CSA) in September…

    READ MORE

  • Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications

    Note: The CVEs in this advisory are unrelated to vulnerabilities (CVE-2025-0282 and CVE-2025-0283) in Ivanti’s Connect Secure, Policy Secure and ZTA Gateways. For more information on mitigating CVE -2025-0282 and CVE-2025-0283, see Ivanti Releases Security Updates for Connect Secure, Policy Secure, and ZTA Gateways. Summary The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of…

    READ MORE

  • Bear in the Cyber Den

    RUSSIA’S FANCY BEAR STRIKES AGAIN, AND WHY THIS IS JUST THE BEGINNING In recent months, the cyber threat landscape has been dominated by headlines in the cyber world, talking about a Fancy Bear. You might be asking yourself, “Who is this bear? What makes the bear fancy? Why is there a bear working with computers?”…

    READ MORE

  • Vulnerability Summary for the Week of January 13, 2025

    High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1000 Projects–Campaign Management System Platform for Women  A vulnerability was found in 1000 Projects Campaign Management System Platform for Women 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /Code/sc_login.php. The manipulation of the argument…

    READ MORE

  • The Chinese Communist Party’s Little Red Notebook

    RedNote, known as Xiaohongshu, by its native Chinese consumers has experienced a surprising rise in popularity within the past few days in the United States. As an app that originally catered to Chinese shoppers looking for overseas products, it has since transformed into a complex social commerce platform that blends several elements of social media…

    READ MORE

  • CISA and FBI Release Updated Guidance on Product Security Bad Practices

    In partnership with the Federal Bureau of Investigation (FBI), CISA released an update to joint guidance Product Security Bad Practices in furtherance of CISA’s Secure by Design initiative. This updated guidance incorporates public comments CISA received in response to a Request for Information, adding additional bad practices, context regarding memory-safe languages, clarifying timelines for patching…

    READ MORE

  • CISA Releases Microsoft Expanded Cloud Logs Implementation Playbook

    Today, CISA released the Microsoft Expanded Cloud Logs Implementation Playbook to help organizations get the most out of Microsoft’s newly introduced logs in Microsoft Purview Audit (Standard). This step-by-step guide enables technical personnel to better detect and defend against advanced intrusion techniques by operationalizing expanded cloud logs.  The playbook details analytical methodologies tied to using…

    READ MORE