Security News
CISA has added a critical Jenkins vulnerability that can be exploited to gain remote code execution to its catalog of security bugs, warning that it's actively exploited in attacks. [...]
CISA warned on Thursday that attackers are exploiting a recently patched critical vulnerability in SolarWinds' Web Help Desk solution for customer support. [...]
The U.S. Cybersecurity and Infrastructure Security Agency has disclosed that threat actors are abusing the legacy Cisco Smart Install feature with the aim of accessing sensitive data. The agency said it has seen adversaries "Acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature."
The U.S. Cybersecurity & Infrastructure Security Agency is warning of two vulnerabilities exploited in attacks, including a path traversal impacting Apache OFBiz. [...]
CISA recommends disabling the legacy Cisco Smart Install feature after seeing it abused by threat actors in recent attacks to steal sensitive data, such as system configuration files. [...]
Black Hat US Cybersecurity and Infrastructure Security Agency director Jen Easterly and her counterparts from the UK and EU want the world to know that, when it comes to securing elections, they've never been more prepared. "I can say with confidence that election infrastructure has never been more secure," Easterly claimed, and she had a ready explanation as to why: "The election stakeholder community has never been stronger."
The ransomware strain known as BlackSuit has demanded as much as $500 million in ransoms to date, with one individual ransom demand hitting $60 million. Attacks involving ransomware have targeted several critical infrastructure sectors spanning commercial facilities, healthcare and public health, government facilities, and critical manufacturing.
US law enforcement and cybersecurity agencies are reminding the public that the country's voting systems will remain unaffected by distributed denial of service attacks as the next presidential election fast approaches. The feds didn't go as far as to say they expected DDoS attacks to strike the November election, but they did comment on how popular a tactic they are among politically and ideologically motivated hacktivists and cybercriminals.
CISA and the FBI said today that Distributed Denial of Service (DDoS) attacks targeting election infrastructure will, at most, hinder public access to information but will have no impact on the...
CISA has ordered U.S. Federal Civilian Executive Branch agencies to secure their servers against a VMware ESXi authentication bypass vulnerability exploited in ransomware attacks. Broadcom subsidiary VMware fixed this flaw discovered by Microsoft security researchers on June 25 with the release of ESXi 8.0 U3. CVE-2024-37085 allows attackers to add a new user to the 'ESX Admins' group-not present by default but can be added after gaining high privileges on the ESXi hypervisor-which will automatically be assigned full administrative privileges.