Our news

  • Vulnerability Summary for the Week of February 3, 2025

    High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source Info): .TUBE gTLD — .TUBE Video Curator | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in .TUBE gTLD .TUBE Video Curator allows Reflected XSS. This issue affects .TUBE Video Curator: from n/a through 1.1.9. | 2025-02-03 | 7.1 | CVE-2025-23799. 2N — 2N Access Commander | 2N Access Commander version…


  • CISA Partners with ASD’s ACSC, CCCS, NCSC-UK, and Other International and US Organizations to Release Guidance on Edge Devices

    CISA—in partnership with international and U.S. organizations—released guidance to help organizations protect their network edge devices and appliances, such as firewalls, routers, virtual private networks (VPN) gateways, Internet of Things (IoT) devices, internet-facing servers, and internet-facing operational technology (OT) systems. The published guidance is as follows: “Security Considerations for Edge Devices,” led by the Canadian…


  • How the Mexican Drug Cartels Relate to Cybersecurity

    Mexican drug cartels have adopted the same diversification strategies as successful business moguls like the investors of Shark Tank to safeguard their empires. They have ventured into 21st-century cybercrimes, including phishing, vishing, ransomware, and pig butchering scams. These Mexican cartels utilize both traditional fiat currencies and cryptocurrencies to conduct their illicit activities. The cartels have…


  • Vulnerability Summary for the Week of January 27, 2025

    High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source Info): 0xPolygonZero — plonky2 | Plonky2 is a SNARK implementation based on techniques from PLONK and FRI. Lookup tables, whose length is not divisible by 26 = floor(num_routed_wires / 3) always include the 0 -> 0 input-output pair. Thus a malicious prover can always prove that f(0) =…


  • Vulnerability Summary for the Week of January 13, 2025

    High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source Info): 1000 Projects — Campaign Management System Platform for Women | A vulnerability was found in 1000 Projects Campaign Management System Platform for Women 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /Code/sc_login.php. The manipulation of the argument…


  • History, Current Uses, and Future of Artificial Intelligence

    Artificial Intelligence was theorized in 1956 by John McCarthy. He got many of the core concepts right, but he was around seven decades off. Martin Bellman invented this equation in 1959. We do not need to dive into the nuances of this equation, but know that this equation started the first phase of AI. This…


  • Beware of the Toll Lane Fee Text Scam

    In an increasingly digital world, scams are becoming more sophisticated and challenging to identify. From Postal Service smishing attacks to IT helpdesk vishing attacks, it has been nearly impossible to keep track of what is real and what is indeed falsified. As the start of the year unfolds, threat actors have rotated slightly to target…


  • CISA and FBI Release Advisory on How Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications

    CISA, in partnership with the Federal Bureau of Investigation (FBI), released Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications. This advisory was crafted in response to active exploitation of vulnerabilities—CVE-2024-8963, an administrative bypass vulnerability; CVE-2024-9379, a SQL injection vulnerability; and CVE-2024-8190 and CVE-2024-9380, remote code execution vulnerabilities—in Ivanti Cloud Service Appliances (CSA) in September…


  • Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications

    Note: The CVEs in this advisory are unrelated to vulnerabilities (CVE-2025-0282 and CVE-2025-0283) in Ivanti’s Connect Secure, Policy Secure and ZTA Gateways. For more information on mitigating CVE-2025-0282 and CVE-2025-0283, see Ivanti Releases Security Updates for Connect Secure, Policy Secure, and ZTA Gateways. Summary: The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of…


  • Bear in the Cyber Den

    RUSSIA’S FANCY BEAR STRIKES AGAIN, AND WHY THIS IS JUST THE BEGINNING. In recent months, the cyber threat landscape has been dominated by headlines in the cyber world, talking about a Fancy Bear. You might be asking yourself, “Who is this bear? What makes the bear fancy? Why is there a bear working with computers?”…
