Security News

CISA warns govt agencies of recently patched Barracuda zero-day
2023-05-27 16:14

CISA warned of a recently patched zero-day vulnerability exploited last week to hack into Barracuda Email Security Gateway appliances. Federal Civilian Executive Branch Agencies agencies must patch or mitigate the vulnerability as ordered by the BOD 22-01 binding operational directive.

The essence of OT security: A proactive guide to achieving CISA’s Cybersecurity Performance Goals
2023-05-25 04:30

In response to these risks, the US government reinforced critical infrastructure security by introducing Cross-Sector Cybersecurity Performance Goals mandated by the US Cybersecurity Infrastructure & Security Agency. Recently, CISA updated the CPGs to align with NIST's standard cybersecurity framework, establishing each of the five goals as a prioritized subset of IT and OT cybersecurity practices.

CISA orders govt agencies to patch iPhone bugs exploited in attacks
2023-05-22 16:05

Today, the U.S. Cybersecurity & Infrastructure Security Agency ordered federal agencies to address three recently patched zero-day flaws affecting iPhones, Macs, and iPads known to be exploited in attacks. iPhone 6s, iPhone 7, iPhone SE, iPad Air 2, iPad mini, iPod touch, and iPhone 8 and later.

CISA warns of Samsung ASLR bypass flaw exploited in attacks
2023-05-19 19:07

CISA warned today of a security vulnerability affecting Samsung devices used in attacks to bypass Android address space layout randomization protection. The exposed info can be used by local attackers with high privileges to conduct an ASLR bypass which could enable the exploitation of memory-management issues.

CISA warns of critical Ruckus bug used to infect Wi-Fi access points
2023-05-12 17:43

The U.S. Cybersecurity and Infrastructure Security Agency warned today of a critical remote code execution flaw in the Ruckus Wireless Admin panel actively exploited by a recently discovered DDoS botnet. While this security bug was addressed in early February, many owners are likely yet to patch their Wi-Fi access points.

CISA Issues Advisory on Critical RCE Affecting ME RTU Remote Terminal Units
2023-05-03 05:07

The U.S. Cybersecurity and Infrastructure Security Agency on Tuesday released an Industrial Control Systems advisory about a critical flaw affecting ME RTU remote terminal units. The security vulnerability, tracked as CVE-2023-2131, has received the highest severity rating of 10.0 on the CVSS scoring system for its low attack complexity.

Mirai botnet loves exploiting your unpatched TP-Link routers, CISA warns
2023-05-02 22:45

The US government's Cybersecurity and Infrastructure Security Agency is adding three more flaws to its list of known-exploited vulnerabilities, including one involving TP-Link routers that is being targeted by the operators of the notorious Mirai botnet. Trend Micro's Zero Day Initiative threat-hunting group early last week wrote in a report that in mid-April miscreants behind the please-can't-it-just-die Mirai botnet were beginning to exploit the flaw primarily by attacking devices in Eastern Europe, though the campaign soon expanded beyond that region.

CISA Warns of Critical Flaws in Illumina's DNA Sequencing Instruments
2023-04-29 04:34

The U.S. Cybersecurity and Infrastructure Security Agency has released an Industrial Control Systems medical advisory warning of a critical flaw impacting Illumina medical devices. "Successful exploitation of these vulnerabilities could allow an attacker to take any action at the operating system level," CISA said.

CISA warns of critical bugs in Illumina DNA sequencing systems
2023-04-28 14:40

The U.S. Cybersecurity Infrastructure Security Agency and the FDA have issued an urgent alert about two vulnerabilities that impact Illumina's Universal Copy Service, used for DNA sequencing in medical facilities and labs worldwide. "An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or access sensitive data on the affected product," warns a CISA advisory released yesterday.

CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug
2023-04-22 06:00

The U.S. Cybersecurity and Infrastructure Security Agency on Friday added three security flaws to its Known Exploited Vulnerabilities catalog, based on evidence of active exploitation. "In a cluster deployment, MinIO returns all environment variables, including MINIO SECRET KEY and MINIO ROOT PASSWORD, resulting in information disclosure," MinIO maintainers said in an advisory published on March 21, 2023.