Security News

‘No one was kicked off the NTSB in the middle of investigating a crash’ interview Gutting the Cyber Safety Review Board as it was investigating how China's Salt Typhoon breached American...

The new Trump administration has terminated all memberships of advisory committees that report to the Department of Homeland Security (DHS).  "In alignment with the Department of Homeland...

And: America 'has never been less secure,' retired rear admiral tells Congress The Trump administration gutted key cybersecurity advisory boards in its first days, as expert witnesses warned...

A joint advisory issued by Australia, Canada, New Zealand, and the U.S. has warned of a broad cyber espionage campaign undertaken by People's Republic of China (PRC)-affiliated threat actors...

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Atlassian has emailed its customers to warn of four critical vulnerabilities, but the message had flaws of its own - the links it contained weren't live for all readers at the time of despatch. The email, seen by The Register, warns of flaws rated 9.0 or higher on the Common Vulnerability Scoring System scale and offers a link to an advisory.

WordPress administrators are being emailed fake WordPress security advisories for a fictitious vulnerability tracked as CVE-2023-45124 to infect sites with a malicious plugin. The emails pretend to be from WordPress, warning that a new critical remote code execution flaw in the platform was detected on the admin's site, urging them to download and install a plugin that allegedly addresses the security issue.

LockBit - a ransomware-as-a-service operation that has extorted $91 million from some 1,700 attacks against U.S. organizations since 2020, striking at least 576 organizations in 2022 - gives customers a low-code interface for launching attacks. The cybersecurity advisory noted that LockBit attacks have impacted the financial services, food, education, energy, government and emergency services, healthcare, manufacturing and transportation sectors.

The U.S. Cybersecurity and Infrastructure Security Agency on Tuesday released an Industrial Control Systems advisory about a critical flaw affecting ME RTU remote terminal units. The security vulnerability, tracked as CVE-2023-2131, has received the highest severity rating of 10.0 on the CVSS scoring system for its low attack complexity.

A security advisory for a vulnerability published by MITRE has accidentally been exposing links to remote admin consoles of over a dozen vulnerable IP devices since at least April 2022. A vulnerability advisory published by MITRE for a high-severity information disclosure vulnerability in April ironically disclosed links to over a dozen live IoT devices vulnerable to the flaw.