News • Insights • Analysis
CISA released seven Industrial Control Systems (ICS) advisories on July 18, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-199-01 Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A ICSA-23-199-02 Keysight N6845A Read More …
The second quarter of 2023 was characterized by thought-out, tailored and persistent waves of DDoS attack campaigns on various fronts, including: Multiple DDoS offensives orchestrated by pro-Russian hacktivist groups REvil, Killnet and Anonymous Sudan against Western interest websites. An increase Read More …
Today, the National Security Agency (NSA) and CISA published 5G Network Slicing: Security Considerations for Design, Deployment, and Maintenance. This guidance—created by the Enduring Security Framework (ESF), a public-private cross-sector working group led by the NSA and CISA—presents recommendations to Read More …
This past March, Fortinet researcher Yonghui Han discovered and reported several zero-day vulnerabilities in Adobe InDesign to Adobe. And on Patch Tuesday, July 11, 2023, Adobe released their security patches to fix them. The vulnerabilities are identified as CVE-2023-29308, CVE-2023-29309, CVE-2023-29310, Read More …
CISA released nine Industrial Control Systems (ICS) advisories on July 13, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-194-01 Siemens RUGGEDCOM ROX ICSA-23-194-02 Siemens SiPass Integrated ICSA-23-194-03 Siemens SIMATIC CN 4100 Read Read More …
“There’s an increase in threat actors targeting critical infrastructure,” said Katell Thielemann, a Gartner research analyst focused on risk and security for cyber-physical systems. “And there’s an enhanced sensitivity that threat actors are probing infrastructure.” Since 2021, the U.S. Department Read More …
A stack-based overflow vulnerability [CWE-124] in FortiOS & FortiProxy may allow a remote attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection. Workaround: Disable deep Read More …
Since its initial release in late 2022, the AI-powered text generation tool known as ChatGPT has been experiencing rapid adoption rates from both organizations and individual users. However, its latest feature, known as Shared Links, comes with the potential risk Read More …
How often have you heard the phrase, “We need to implement automation,” over the past year? And how many times have you invested in automation software only to find out it didn’t meet your specific requirements? The widespread adoption of Read More …
CISA is aware of open-source reporting of targeted denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks against multiple organizations in multiple sectors. These attacks can cost an organization time and money and may impose reputational costs while resources and services are Read More …
