CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2016-3714link is external ImageMagick Improper Input Validation Vulnerability CVE-2017-1000253link is external Linux Kernel PIE Stack Buffer Corruption...

City of Columbus tries to silence security researcher

The City of Columbus, Ohio is suing a security researcher for sharing stolen data. All the complaint will accomplish, we imagine, is spotlight the ignorance of certain city officials in handling a common security matter. What happened is that the City of Columbus was attacked by a ransomware grou...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-7971link is external Google Chromium V8 Type Confusion Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and po...

CISA Adds One Known Exploited Vulnerability to Catalog for Versa Networks Director

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-39717link is external Versa Director Dangerous File Type Upload Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber acto...

Selling Ransomware Breaches: 4 Trends Spotted on the RAMP Forum

The sale and purchase of unauthorized access to compromised enterprise networks has become a linchpin for cybercriminal operations, particularly in facilitating ransomware attacks. Underground forums are sharing guidelines on breaching networks and selling the access they obtain, leaving the...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-23897 Jenkins Command Line Interface CLI Path Traversal Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and...

CISA Adds Six Known Exploited Vulnerabilities to Catalog

CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-38189 Microsoft Project Remote Code Execution Vulnerability CVE-2024-38178 Microsoft Windows Scripting Engine Memory Corruption Vulnerability CVE-2024-38213...

Thousands of Exposed Industrial Control Systems in US, UK Threaten Water Supplies

Thousands of Industrial Control Systems in the US and UK are vulnerable to cyberattacks, putting critical infrastructure like…...

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-36971 Android Kernel Remote Code Execution Vulnerability CVE-2024-32113 Apache OFBiz Path Traversal Vulnerability These types of vulnerabilities are frequent...

SIEM is not storage, with Jess Dodson (Lock and Code S05E16)

This week on the Lock and Code podcast… In the world of business cybersecurity, the powerful technology known as "Security Information and Event Management" is sometimes thwarted by the most unexpected actors—the very people setting it up. Security Information and Event Management—or SIEM—is a te...

The CrowdStrike Outage and Market-Driven Brittleness

Fridays massive internet outage, caused by a mid-sized tech company called CrowdStrike, disrupted major airlines, hospitals, and banks. Nearly 7,000 flights were canceled. It took down 911 systems and factories, courthouses, and television stations. Tallying the total cost will take time. The...

Number of data breach victims goes up 1,000%

Nope, that headlines not a typo. Over one thousand percent. The Identity Theft Resource Center ITRC tracked 1,041,312,601 data breach victims in Q2 2024, an increase of 1,170% over Q2 2023 81,958,874 victims. The ITRC is a national non-profit organization set up with the goal of minimizing the ri...

Paris Olympics 2024: Securing The Games

The Rising Cyber Threats In recent years, the threat of cyberattacks has grown exponentially, affecting the sports sector as well. Major international events like the Olympics are prime targets for cybercriminals, hacktivists, and even nation-states. The reasons are clear: these events attract...

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-34102 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference XXE Vulnerability CVE-2024-28995 SolarWinds Serv-U Path...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-36401 OSGeo GeoServer GeoTools Eval Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...

The Evolution of Cybercrime Investigation

Cybercrime costs trillions, rising yearly. Criminals operate globally, teaching their methods. This article explores major cyberattacks from 1962…...

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-23692 Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability CVE-2024-38080 Microsoft Windows Hyper-V...

Russian Hacker Wanted for Crippling Cyberattacks on Ukraine, $10M Reward

A Russian hacker is indicted for crippling cyberattacks on Ukraine before the 2022 invasion. Hes accused of working…...

Red Tape Is Making Hospital Ransomware Attacks Worse

With cyberattacks increasingly targeting health care providers, an arduous bureaucratic process meant to address legal risk is keeping hospitals offline longer, potentially risking lives...

Tabletop exercises are headed to the next frontier: Space

I think we can all agree that tabletop exercises are a good thing. They allow organizations of all sizes to test their incident response plans without the potentially devastating effects of a real-world cyber attack or intrusion. As part of my role at Talos, Ive read hundreds of tabletop exercise...