7 matches found
Vulnerable SDK components lead to supply chain risks in IoT and OT environments
December 8, 2022 update - Reflected additional research on Boa-related CVEs and updated supply chain diagram. Vulnerabilities in network components, architecture files, and developer tools have become increasingly popular attack vectors to gain access into secure networks and devices. External...
Gamaredon APT targets Ukrainian government agencies in new campaign
By Asheer Malhotra and Guilherme Venere. Cisco Talos recently identified a new, ongoing campaign attributed to the Russia-linked Gamaredon APT that infects Ukrainian users with information-stealing malware. The adversary is using phishing documents containing lures related to the Russian invasion...
1-Click iPhone and Android Exploits Target Tibetan Users via WhatsApp
A team of Canadian cybersecurity researchers has uncovered a sophisticated and targeted mobile hacking campaign that is targeting high-profile members of various Tibetan groups with one-click exploits for iOS and Android devices. Dubbed Poison Carp by University of Toronto's Citizen Lab, the...
Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign
Introduction FireEye devices detected intrusion attempts against multiple industries, including think tank, law enforcement, media, U.S. military, imagery, transportation, pharmaceutical, national government, and defense contracting. The attempts involved a phishing email appearing to be from the...
Applied Watch Command Center 1.0 Authentication Bypass Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/9124/info A vulnerability has been identified in the system that may allow an attacker to bypass authentication to add attacker supplied IDS alerts and new user accounts in the console. Successful exploitation of these...
Applied Watch Command Center 1.0 - Authentication Bypass (2)
// source: https://www.securityfocus.com/bid/9124/info A vulnerability has been identified in the system that may allow an attacker to bypass authentication to add attacker supplied IDS alerts and new user accounts in the console. Successful exploitation of these issues may allow an attacker to...
Threat Management Gateway Definition Updates for Network Inspection System
Forefront TMG Network Inspection System NIS helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols. As a security best practice, NIS signatures should be kept up to date...