Aggregator

Tuesday, August 13, 2

The Ukrainian security service (SBU) is warning of a new Kremlin disinformation campaign related to

The Defense Advanced Research Projects Agency launches TRACTOR program to work with university and industry researchers on creating a translation system that can turn C code into secure, idiomatic Rust code.

今天的 AGI 掘金热点资讯来啦，我们知识库上线了 AI 小助手，欢迎来撩！

8月20日 19:00-21:00，来直播间，与你不见不散！

Невнимательность сотрудника привела к крупной потере.

For over six years now, Kaspersky’s Global Research and Analysis Team (GReAT) has been

Hackers “supported by the services of [a] hostile state” are believed to be behind the leak of over

CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2024-38189 Microsoft Project Remote Code Execution Vulnerability
• CVE-2024-38178 Microsoft Windows Scripting Engine Memory Corruption Vulnerability
• CVE-2024-38213 Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
• CVE-2024-38193 Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability
• CVE-2024-38106 Microsoft Windows Kernel Privilege Escalation Vulnerability
• CVE-2024-38107 Microsoft Windows Power Dependency Coordinator Privilege Escalation Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following and apply necessary updates:

• Microsoft Security Update Guide for August

CISA released ten Industrial Control Systems (ICS) advisories on August 13, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-24-226-01 AVEVA SuiteLink Server
• ICSA-24-226-02 Rockwell Automation AADvance Standalone OPC-DA Server
• ICSA-24-226-03 Rockwell Automation GuardLogix/ControlLogix 5580 Controller 
• ICSA-24-226-04 Rockwell Automation Pavilion8
• ICSA-24-226-05 Rockwell Automation DataMosaix Private Cloud
• ICSA-24-226-06 Rockwell Automation FactoryTalk View Site Edition
• ICSA-24-226-07 Rockwell Automation Micro850/870
• ICSA-24-226-08 Ocean Data Systems Dream Report
• ICSA-24-226-09 Rockwell Automation ControlLogix, GuardLogix 5580, CompactLogix, Compact GuardLogix 5380
• ICSA-24-226-10 Rockwell Automation ControlLogix, GuardLogix 5580, CompactLogix, and Compact GuardLogix 5380

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.

Ivanti released security updates to address multiple vulnerabilities in Ivanti Avalanche, Neurons for ITSM, and Virtual Traffic Manager (vTM).  A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. Ivanti advises users to reduce their attack surface and follow industry best practices by adhering to Ivanti’s network configuration guidance to restrict access to the management interface. 

CISA encourages users and administrators to review the following Ivanti advisories and apply the necessary guidance and updates: 

• Security Advisory: Ivanti Avalanche

• Security Advisory: Ivanti Neurons for ITSM

• Security Advisory: Ivanti Virtual Traffic Manager (vTM)

NIST is encouraging computer system administrators to begin transitioning to the new standards as soon as possible.

Ученые придумали новый способ превращения радиоволн в электричество.

Securing customer data is critical for retailers. Data breaches undermine customer tru

The OWASP Top 10 provides a standardized catalog of the most critical security risks to web applica

Shwmae обходит биометрическую защиту.

Compliance with SOC 2 assures that the company maintains a high standard of information security, and highlights it among market competitors.

The post How to Prepare for SOC 2 and ISO 27001 Audit? Tips for Jira Admins appeared first on Security Boulevard.

International authorities have successfully seized the servers associated with the notorious Dispossessor ransomware group. This operation marks a critical step in combating ransomware attacks that have plagued individuals, businesses, and institutions worldwide. According to the tweet from MonThreat, the takedown comes amidst growing concerns over the increasing sophistication of cyber threats, including the recent emergence […]

The post New Banshee MacOS Stealer Attacking Users to Steal Keychain Data appeared first on Cyber Security News.