15 matches found
CVE-2023-54235 PCI/DOE: Fix destroy_work_on_stack() race
In the Linux kernel, the following vulnerability has been resolved: PCI/DOE: Fix destroyworkonstack race The following debug object splat was observed in testing: ODEBUG: free active active state 0 object: 0000000097d23782 object type: workstruct hint: doestatemachinework+0x0/0x510 WARNING: CPU: ...
CVE-2023-54235
In the Linux kernel, the following vulnerability has been resolved: PCI/DOE: Fix destroyworkonstack race The following debug object splat was observed in testing: ODEBUG: free active active state 0 object: 0000000097d23782 object type: workstruct hint: doestatemachinework+0x0/0x510 WARNING: CPU: ...
CVE-2025-11918
Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. The specific flaw exists within the parsing of DOE files. Local attackers are able to exploit this issue to potentially execute arbitrary code on affected installations of Arena®. Exploiting the vulnerability...
Industrial Control System Malware Discovered
The Department of Energy, CISA, the FBI, and the NSA jointly issued an advisory describing a sophisticated piece of malware called Pipedream thats designed to attack a wide range of industrial control systems. This is clearly from a government, but no attribution is given. Theres also no indicati...
CISA Warns of Ongoing Cyber Attacks Targeting Internet-Connected UPS Devices
The U.S. Cybersecurity and Infrastructure Security Agency CISA and the Department of Energy DoE are jointly warning of attacks against internet-connected uninterruptible power supply UPS devices by means of default usernames and passwords. "Organizations can mitigate attacks against their UPS...
REvil Hits US Nuclear Weapons Contractor: Report
Sol Oriens, a subcontractor for the U.S. Department of Energy DOE that works on nuclear weapons with the National Nuclear Security Administration NNSA, last month was hit by a cyberattack that experts say came from the relentless REvil ransomware-as-a-service RaaS gang. The Albuquerque, N.M...
SolarWinds Attackers Accessed DHS Emails, Report
The SolarWinds cyberattackers compromised the head of the Department of Homeland Security DHS under former president Trump and other top-ranking members of the department’s cybersecurity staff, according to a report. In the campaign, adversaries were able to use SolarWinds’ Orion network manageme...
Nuclear Weapons Agency Hacked in Widening Cyberattack
The Energy Department and its National Nuclear Security Administration NNSA, which is the agency that maintains the U.S. nuclear stockpile, have been compromised as part of the widespread cyberattack uncovered this week stemming from the massive SolarWinds hack. An exclusive report by Politico...
This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn about a ransomware group that walked away with 2,200 Bitcoin: More than $33 million based on the current Bitcoin exchange rate. Also, read...
Department of Energy Susceptible to Attack
An audit of the Department of Energy has shown that 29 new weaknesses emerged on the agency’s networks this year in addition to 10 existing that the DoE failed to fix after a 2012 audit. The audit, undertaken by the Office of Inspector General and the Office of Audits and Inspections, revealed...
Watering Hole Attack Hits US Department of Labor Website
The United States Department of Labor website is the latest high-profile government site to fall victim to a watering hole attack. Researchers at a number of security companies reported today that the site was hosting malware and redirecting visitors to a site hosting the Poison Ivy remote access...
Pennsylvania Man Indicted For Hack of Department of Energy Network
A Pennsylvania man was arrested yesterday after a Massachusetts grand jury issued a four-count indictment alleging that he hacked into computer networks belonging to the U.S. Department of Energy DoE and the University of Massachusetts and tried to sell access to a DoE supercomputer for $50,000 t...
Man-in-the-Middle Remote Attack on Diebold Touch-screen Voting Machine
Man-in-the-Middle Remote Attack on Diebold Touch-screen Voting Machine The Vulnerability Assessment Team VAT at the U.S. Dept. of Energy's Argonne National Laboratory in Illinois has managed to hack a Diebold Accuvote touch-screen voting machine. Voting machines used by as many as a quarter of...
Attackers Target PNNL, Force Lab Off the Web
An attack against the Pacific Northwest National Laboratory has forced the lab to shut off access to the Internet, and the lab’s external Web site also is inaccessible right now. The attack on the lab, which conducts national security and cybersecurity research among other things, is the latest i...
Top 20 'Critical Controls' from SANS Institute
The SANS Institute has released critical security controls for cyber defense agreed to by a consortium of agencies including: “NSA, US Cert, DoD, DoD JTF-GNO, the Department of Energy Nuclear Laboratories, Department of State, DoD Cyber Crime Center plus the top commercial forensics experts and p...