Category: alerts

Missouri Gov. Mike Parson launched a criminal investigation of a reporter who flagged a state website that exposed 100K+ Social-Security numbers for teachers and other state employees. Read more

The group – which also created BazarLoader and the Conti ransomware – has juiced its distribution tactics to threaten enterprises more than ever. Read more

IPTV and IP video security is increasingly under scrutiny, even by high school kids. Read more

Original release date: October 14, 2021 CISA, the Federal Bureau of Investigation (FBI), the Environmental Protection Agency (EPA), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) that details ongoing cyber threats to U.S. Water and Wastewater Systems (WWS) Sector. This activity—which includes cyber intrusions leading to ransomware attacks—threatens the ability of… Read more

Original release date: October 14, 2021 Summary Immediate Actions WWS Facilities Can Take Now to Protect Against Malicious Cyber Activity • Do not click on suspicious links. • If you use RDP, secure and monitor it. • Use strong passwords. • Use multi-factor authentication. Note: This Alert uses the MITRE Adversarial Tactics, Techniques, and Common… Read more

A stored XSS and arbitrary file-upload bug can be paired with an authorization bypass to wreak havoc. Read more

The new Necro Python exploit targets Visual Tool DVRs used in surveillance systems. Read more

Sounil Yu, CISO at JupiterOne, discusses software bills of materials (SBOMs) and the need for a shift in thinking about securing software supply chains. Read more

Cybercriminals exploited bugs in the world’s largest digital-goods marketplace to create malicious artwork offered as a perk to unsuspecting users. Read more

The previously unknown SnapMC group exploits unpatched VPNs and webserver apps to breach systems and carry out quick-hit extortion in less time than it takes to order a pizza. Read more