Cyber attack results in data breach of all Louisiana driver licenses, IDs

Those with a Louisiana ID, registration or driver’s license could have their personal data exposed as a major cyber attack targeted the Louisiana Office of Motor Vehicles as well as other Government entities. According to the Governor’s Office of Homeland Read More …

Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China

Starting as early as October 10, 2022, UNC4841 sent emails to victim organizations that contained malicious file attachments designed to exploit CVE-2023-2868 to gain initial access to vulnerable Barracuda ESG appliances. Over the course of their campaign, UNC4841 has primarily Read More …

Progress Software Releases Security Advisory for MOVEit Transfer Vulnerability – CVE-2023-35708

Progress has discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment. If you are a MOVEit Transfer customer, it is extremely important that you take immediate action as noted below Read More …

CISA Releases Fourteen Industrial Control Systems Advisories

CISA released fourteen Industrial Control Systems (ICS) advisories on June 15, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-166-01 SUBNET PowerSYSTEM Center ICSA-23-166-02 Advantech WebAccessSCADA ICSA-23-166-03 Siemens SICAM Q200 Devices Read more… Read More …

Shuckworm: Inside Russia’s Relentless Cyber Campaign Against Ukraine

The Shuckworm espionage group is continuing to mount multiple cyber attacks against Ukraine, with recent targets including security services, military, and government organizations. In some cases, Shuckworm has succeeded in staging long-running intrusions, lasting for as long as three months. Read More …

US government agencies hit in global cyberattack

“Several” US federal government agencies have been hit in a global cyberattack that exploits a vulnerability in widely used software. The US Cybersecurity and Infrastructure Security Agency “is providing support to several federal agencies that have experienced intrusions affecting their Read More …

Rosenergoatom official says Zaporozhye NPP has to deal with daily cyberattacks

Every day, the Zaporozhye nuclear power plant (ZNPP) has to deal with cyberattacks, an adviser to the director general of Russia’s Rosenergoatom nuclear power engineering company has said. “Every day, networks of the Rosenergoatom concern, of the Rosatom state corporation Read More …

CISA and NSA Release Joint Guidance on Hardening Baseboard Management Controllers (BMCs)

Today, CISA, together with the National Security Agency (NSA), released a Cybersecurity Information Sheet (CSI), highlighting threats to Baseboard Management Controller (BMC) implementations and detailing actions organizations can use to harden them. BMCs are trusted components designed into a computer’s Read More …