Category: alerts

Four security vulnerabilities in an open-source medical records management platform allow remote code execution, patient data theft and more. Read more

More than a month after the cyberattack first hit, the UVM health network is still grappling with delayed payment processing and other issues. Read more

Original release date: November 30, 2020 The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.   High Vulnerabilities Primary Vendor… Read more

Ransomware gangs with zero-days and more players overall will characterize financially motivated cyberattacks next year. Read more

While 2021 will present evolving threats and new challenges, it will also offer new tools and technologies that will we hope shift the balance towards the defense. Read more

Original release date: November 27, 2020 The Cybersecurity and Infrastructure Security Agency (CISA) is aware of the possible exposure of passwords on Fortinet devices that are vulnerable to CVE 2018-13379. Exploitation of this vulnerability may allow an unauthenticated attacker to access FortiOS system files. Potentially affected devices may be located in the United States. Fortinet… Read more

Designing a behavioral change program requires an audit of existing security practices and where the sticking points are. Read more

Reducing the risks of remote work starts with updating the access policies of yesterday. Read more

Attackers are targeting the critical remote code-execution flaw to compromise systems in the healthcare, local government, logistics and legal sectors, among others. Read more

The team that hacked Amazon Echo and other smart speakers using a laser pointer continue to investigate why MEMS microphones respond to sound. Read more