5 matches found
CVE-2026-54398 MISP object edit authorization bypass allows unauthorized sharing group assignment
An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions to assign a MISP object, or attributes contained within an object, to a sharing group that the user was not authorized to use or view. When editing objects, the sharing group...
An Evidence-Driven Analysis of Threat Information Sharing Challenges for Industrial Control Systems and Future Directions
The increasing cyber threats to critical infrastructure highlight the importance of private companies and government agencies in detecting and sharing information about threat activities. Although the need for improved threat information sharing is widely recognized, various technical and...
CISA Releases Update to Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells
The Cybersecurity and Infrastructure Security Agency CISA has released an update to a previously published Cybersecurity Advisory CSA, Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells. The CSA—originally released to warn network defenders of critical infrastructure organizations...
NSA Officials Say Snowden Used Legitimate Access to Steal Data
It’s taken more than six months, but top officials at the National Security Agency are finally discussing some of the details of how former agency contractor Edward Snowden got access to all of the documents he stole and what kind of damage they believe the publication of the information they...
Adequate Attack Data and Threat Information Sharing No Longer a Luxury
BOSTON – While some industry groups such as the Financial Services Information Sharing and Analysis Center FS-ISAC and cross-industry groups such as the Advanced Cyber Security Center ACSC facilitate the exchange of threat information, for the most part organizations are still hamstrung by legal...