10 matches found
CVE-2024-6456
CVE-2024-6456 describes a SQL Injection vulnerability in AVEVA Historian Server. Public sources in the connected documents indicate that an attacker could exploit the issue by enticing a user to open a specially crafted URL via the interactive Historian REST Interface, allowing the execution of S...
CVE-2024-3467
There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socially engineered to import XML supplied by an attacker...
Trellix 2024 Threat Predictions
By Trellix · October 30, 2023. Introduction: This last year we have seen upheaval across the cybersecurity landscape. The need for effective, worldwide threat intelligence continues to grow as geopolitical and economic developments create an increasingly complicated...
First-Ever Russian BEC Gang, Cosmic Lynx, Uncovered
Researchers say they have discovered the first-ever reported Russian business email compromise (BEC) cybercriminal ring, showing that sophisticated attackers beyond the usual Nigerian scammers are setting their sights on the email-based attack vector. The BEC gang is called Cosmic Lynx, and has bee...
A Look Back at the 2018 Security Landscape
Do you ever question the value of the mounds of data we all collect? We make a point to stop, analyze and share, especially because we know you might not have the time. So, I bring you our annual look back at the more interesting security events and trends seen last year. The report, Caught in th...
Feds Arrest 74 Email Fraudsters Involved in Nigerian BEC Scams
The United States Department of Justice announced Monday the arrest of 74 email fraudsters across three continents in a global crackdown on a large-scale business email compromise (BEC) scheme. The arrest was the result of a six-month-long operation dubbed "Operation Wire Wire" that involved the US...
7 Chrome Extensions Spreading Through Facebook Caught Stealing Passwords
Luring users on social media to visit lookalike versions of popular websites that pop up a legitimate-looking Chrome extension installation window is one of the most common modus operandi of cybercriminals to spread malware. Security researchers are again warning users of a new malware campaign th...
Google: Most Vulnerabilities Only Exploited For a Short Time
Google has a hugely privileged view of the Internet and it uses that position for all kinds of things, one of which is to collect data and intelligence on malicious Web site behavior and malware trends. In a new report based on four years’ worth of data on site and malware activity, the company...
Internet Explorer 9 Rated Tops in Blocking Malware
In a test designed to analyze various Web browsers’ abilities to protect European users against socially engineered malware attacks, researchers at NSS Labs determined that Internet Explorer 8 and 9 were significantly more effective at curbing malicious downloads than were the other major browser...
IE9 Adds Application Reputation Filter
The latest version of Microsoft’s Internet Explorer promises to make it harder for malicious hackers to push dodgy Web applications onto end user systems, with a new Application Reputation filter. In their latest post, the Internet Explorer Weblog, the company details the ways in which IE 9 and i...