November 19, 2024 at 03:02PM A recent EPA study found that nearly one-third of U.S. drinking water systems have cybersecurity vulnerabilities, affecting approximately 82.7 million people. The agency lacks a tracking system for potential attacks, relies on DHS for incident reporting, and faces ongoing challenges in enhancing cybersecurity amidst aging infrastructure. ### Meeting Takeaways: 1. … Read more
November 13, 2024 at 08:03AM Intel and AMD released November 2024 Patch Tuesday advisories, addressing newly identified vulnerabilities in their products. Intel issued 44 advisories, while AMD provided 8. This update serves to inform customers about necessary security measures for their devices. **Meeting Takeaways:** 1. **Intel Security Advisories**: Intel has released 44 new security advisories … Read more
October 31, 2024 at 08:51AM Yahoo researchers discovered multiple vulnerabilities in OpenText’s NetIQ iManager, with some potentially allowing unauthenticated remote code execution (RCE) through chaining. These findings underscore significant security concerns in the software. **Meeting Takeaways:** 1. **Vulnerability Discovery**: Yahoo researchers identified multiple vulnerabilities in OpenText’s NetIQ iManager. 2. **Risk Level**: Some of these vulnerabilities … Read more
October 21, 2024 at 03:12AM Cybersecurity researchers identified serious cryptographic vulnerabilities in end-to-end encrypted cloud storage platforms (Sync, pCloud, Icedrive, Seafile, Tresorit) that allow malicious servers to leak sensitive data, tamper with files, and access plaintext. Some providers acknowledged the issues, while Icedrive has not taken corrective action. ### Meeting Takeaways: October 21, 2024 **Topic: … Read more
October 17, 2024 at 07:53AM Cisco has issued patches for various vulnerabilities in ATA 190 series firmware, including two high-severity issues. This action addresses security concerns to enhance the protection of the devices. The updates were reported by SecurityWeek. **Meeting Takeaways:** 1. **Cisco Vulnerabilities Addressed**: Cisco has released patches for multiple vulnerabilities in the ATA … Read more
October 11, 2024 at 11:13PM A joint advisory from US and UK agencies warns of a massive Russian hacking campaign exploiting known vulnerabilities, led by APT29. Organizations are urged to prioritize patching systems and improve cyber defenses. Additionally, phone phishing scams are on the rise, and GitLab users need to patch critical vulnerabilities urgently. Here … Read more
October 8, 2024 at 03:29PM Microsoft released security updates to address vulnerabilities in multiple products. CISA advises users and administrators to review and apply necessary updates from the Microsoft Security Update Guide for October to mitigate potential cyber threats. Based on the meeting notes, the key takeaway is that Microsoft has released security updates to … Read more
October 3, 2024 at 05:25PM The Cybersecurity and Infrastructure Security Agency has added CVE-2024-29824, an SQL Injection vulnerability in Ivanti Endpoint Manager, to its Known Exploited Vulnerabilities Catalog. Rated critical with a CVSS score of 9.6, this flaw was exploited in the wild, prompting Ivanti to release security updates in May. Organizations are cautioned to … Read more
October 2, 2024 at 11:05AM The U.S. cybersecurity agency CISA has issued a warning about two critical vulnerabilities in Optigo Networks ONS-S8 Aggregation Switch products, used in critical infrastructure worldwide. The flaws allow bypassing of password requirements and could lead to remote code execution. No fixes are available, so users are advised to apply suggested … Read more
October 2, 2024 at 10:15AM A series of critical vulnerabilities in DrayTek routers, including buffer overflow and cross-site scripting flaws, have been discovered, posing a significant security risk. Over 700,000 exposed devices globally are affected, requiring immediate patching. The incident highlights the importance of secure network practices, especially for critical infrastructure organizations. Joint cybersecurity guidance … Read more