11 matches found
Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs
Iran-affiliated cyber actors are targeting internet-facing operational technology OT devices across critical infrastructures in the U.S., including programmable logic controllers PLCs, cybersecurity and intelligence agencies warned Tuesday. "These attacks have led to diminished PLC functionality,...
CVE-2025-67752 OpenEMR Has Disabled SSL Certificate Verification in HTTP Client
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, OpenEMR's HTTP client wrapper oeHttp/oeHttpRequest disables SSL/TLS certificate verification by default verify: false, making all external HTTPS connections vulnerable ...
PRC State-Sponsored Actors Use BRICKSTORM Malware Across Public Sector and Information Technology Systems
The Cybersecurity and Infrastructure Security Agency CISA is aware of ongoing intrusions by People’s Republic of China PRC state-sponsored cyber actors using BRICKSTORM malware for long-term persistence on victim systems. BRICKSTORM is a sophisticated backdoor for VMware vSphere1,2 and Windows...
GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections
Cybercriminals associated with a financially motivated group known as GoldFactory have been observed staging a fresh round of attacks targeting mobile users in Indonesia, Thailand, and Vietnam by impersonating government services. The activity, observed since October 2024, involves distributing...
Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
The trove has now been taken down but included users’ logins for platforms including Apple, Google, and Meta, plus services from multiple governments...
DDoS Attacks Soar by 168% on Government Services, StormWall Warns
By Waqas The telecommunications sector also faced a significant onslaught in Q2 2023, becoming the second most targeted industry with an 83% YoY increase in DDoS attacks. This is a post from HackRead.com Read the original post: DDoS Attacks Soar by 168% on Government Services, StormWall Warns...
eservices.cyprus.gov.cy Cross Site Scripting vulnerability OBB-1361033
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Cyberattacks Hit Thousands of Canadian Tax, Benefit Accounts
Canadian authorities said almost 15,000 online accounts for various government services have been targeted in three recent waves of credential-stuffing attacks. These accounts could give attackers access to Canadians’ tax-related and benefits information, coronavirus relief fund money and more...
Why you can’t update it all at once?
It’s the second part of our talk with Daniil Svetlov at his radio show “Safe Environment” recorded 29.03.2017. In this part we talk about vulnerabilities in Linux and proprietary software, problems of patch an vulnerability management, and mention some related compliance requirements. Video with...
The EPS Awakens - Part 2
On Wednesday, Dec. 16, 2015, FireEye published The EPS Awakens, detailing an exploit targeting a previously unknown Microsoft Encapsulated Postscript EPS dict copy use-after-free vulnerability that was silently patched by Microsoft on November 10, 2015. The blog described the technical details of...
DHS Not Addressing Cyber Threats to Building Access Systems
Civil watchdogs at the Government Accountability Office are warning the Department of Homeland Security and the Government Services Agency about unaddressed risks posed to building access control systems at federal facilities. The systems in question are those that prevent unauthorized access to...