Library of Congress Says an Adversary Hacked Some Emails

November 18, 2024 at 05:12AM The Library of Congress reported a cyber breach involving unauthorized access to email communications between congressional offices and library staff from January to September. The incident has been referred to law enforcement, while the library confirmed that the House and Senate IT networks were not compromised.

Attackers Exploit Critical Atlassian Confluence Flaw for Cryptojacking

August 28, 2024 at 02:34PM Threat actors are exploiting a critical remote code execution bug in Atlassian to turn cloud environments into cryptomining networks. Trend Micro uncovered attacks that drain network resources using the flaw CVE-2023-22527 in Confluence Data Center and Server. The attackers use various methods, and patching the environment is recommended to prevent exploitation. …

Hitachi Energy Vulnerabilities Plague SCADA Power Systems

August 28, 2024 at 10:47AM Hitachi Energy advises immediate upgrade to the latest version of MicroSCADA X SYS600 to address multiple critical and high-severity vulnerabilities in the product. The vulnerabilities pose confidentiality, integrity, and availability risks, impacting over 10,000 substations and various industries. Hitachi Energy is not aware of any current exploitation, but urges prompt …

Multiple flaws in Microsoft macOS apps unpatched despite potential risks

August 19, 2024 at 03:07PM Eight vulnerabilities in Microsoft’s macOS apps pose security risks by allowing unauthorized access to sensitive data, recording video and sound, and escalating privileges. Microsoft has been reluctant to address the issues, deeming them low risk and insisting that certain applications require the ability to load unsigned libraries. Apple’s security measures …

Researcher Sounds Alarm on Windows Update Flaws Allowing Undetectable Downgrade Attacks

August 7, 2024 at 11:12AM SafeBreach Labs researcher Alon Leviev disclosed critical flaws in Microsoft’s Windows Update, enabling software downgrade attacks that render fully patched Windows machines susceptible to past vulnerabilities. Leviev demonstrated these downgrades at the recent Black Hat conference in Las Vegas and worked with Microsoft to develop a security update to mitigate …

US to Invest $50 Million in Securing Hospitals Against Cyber Threats

May 22, 2024 at 09:57AM The US government’s ARPA-H announced a $50 million cybersecurity effort, UPGRADE, to secure hospital IT systems. The program aims to identify vulnerabilities and automatically procure, test, and deploy patches. Collaboration between IT staff, medical device makers, healthcare providers, and cybersecurity experts is crucial for creating a software suite tailored for …

Critical Netflix Genie Bug Opens Big Data Orchestration to RCE

May 22, 2024 at 09:03AM Netflix has patched a critical vulnerability in its open source Genie job orchestration engine, designated as CVE-2024-4701. Remote attackers could potentially execute arbitrary code, exploiting a file upload process. The bug is present in Genie OSS versions prior to 4.3.18. Organizations are urged to upgrade to the fixed version to …

Uncle Sam to inject $50M into auto-patcher for hospital IT

May 21, 2024 at 08:53PM The US government’s ARPA-H is providing over $50 million for the UPGRADE program, aiming to automate hospital IT security. The initiative seeks to develop software tools to find and fix vulnerabilities in medical systems without disrupting services. This effort aligns with ARPA-H’s mission to advance medical technologies and protect healthcare …

CISA’s early-warning system helped critical orgs close 852 ransomware holes

May 7, 2024 at 04:11PM CISA is launching a Ransomware Vulnerability Warning Pilot program to help healthcare, schools, and critical infrastructure organizations address security flaws exploited by ransomware groups. The system sent 1,754 notifications in its first year, resulting in 49% of organizations taking action. The program is set to become a fully automated warning …

HPE Aruba Networking fixes four critical RCE flaws in ArubaOS

May 1, 2024 at 06:31PM HPE Aruba Networking’s April 2024 security advisory highlights critical remote code execution (RCE) vulnerabilities in various versions of ArubaOS. Ten vulnerabilities are listed, including four critical-severity unauthenticated buffer overflow issues. The vendor recommends enabling Enhanced PAPI Security and upgrading to specific patched versions for ArubaOS to mitigate the flaws. System …