CISA released four Industrial Control Systems (ICS) advisories on March 26, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations. Source link ddde
Read MoreAs organizations expand and increasingly invest in more cloud applications and services, their cloud footprint grows and often becomes more complex. That’s why it is critically important to regularly reevaluate the security of those cloud assets to ensure that everything is secure, and the required processes and procedures are being upheld. The growth in cloud…
Read More3uu — shariff_wrapper The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘shariff’ shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on user supplied attributes such as ‘secondarycolor’ and ‘maincolor’. This makes it possible for authenticated attackers with contributor-level and…
Read MoreThe content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. The recent years’ events, including the proliferation of ransomware, the pandemic, and political tensions, have fast-tracked the development of both offensive and defensive…
Read MoreMinecraft, with over 500 million registered users and 166 million monthly players, faces significant risks from distributed denial-of-service (DDoS) attacks, threatening server functionality, player experience, and the game’s reputation. Despite the prevalence of DDoS attacks on the game, the majority of incidents go unreported, leaving a gap in awareness and protection. This article explains what…
Read MoreThe U.S. Department of Justice (DoJ) on Monday unsealed indictments against seven Chinese nationals for their involvement in a hacking group that targeted U.S. and foreign critics, journalists, businesses, and political officials for about 14 years. The defendants include Ni Gaobin (倪高彬), Weng Ming (翁明), Cheng Feng (程锋), Peng Yaowen (彭耀文), Sun Xiaohui (孙小辉), Xiong…
Read MoreMS-ISAC ADVISORY NUMBER: 2024-031 DATE(S) ISSUED: 03/26/2024 OVERVIEW: A vulnerability has been discovered in multiple Apple products which could allow for Arbitrary Code Execution. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then…
Read MoreOn Secure Voting Systems Andrew Appel shepherded a public comment—signed by twenty election cybersecurity experts, including myself—on best practices for ballot marking devices and vote tabulation. It was written for the Pennsylvania legislature, but it’s general in nature. From the executive summary: We believe that no system is perfect, with each having trade-offs. Hand-marked and…
Read MoreAttack on the UK’s Electoral Commission This indictment has prompted a strong international reaction, with the UK explicitly attributing similar cyber misconduct to China-affiliated actors. According to a statement from the UK government, the National Cyber Security Centre (NCSC) has linked a Chinese state-affiliated entity to the compromise of the UK Electoral Commission’s systems between…
Read MoreMar 26, 2024NewsroomMoney Laundering / Digital Currency The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned three cryptocurrency exchanges for offering services used to evade economic restrictions imposed on Russia following its invasion of Ukraine in early 2022. This includes Bitpapa IC FZC LLC, Crypto Explorer DMCC (AWEX), and Obshchestvo S…
Read More