Cloudflare finds a way through China’s network defences

Cloudflare has found a way to extend some of its services across the Great Firewall and into mainland China. “Performance and reliability for traffic flows across the mainland China border have been a consistent challenge for IT teams within multinational Read More …

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view Read More …

Iranian Hackers Installed Crypto Miner in Federal Agency After Exploiting Unpatched Log4Shell Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) said Iranian hackers breached a federal agency that failed to patch the Log4Shell vulnerability and deployed a crypto miner. The Log4Shell vulnerability (CVE-2021-44228) is a critical remote code execution flaw in Apache’s Log4j Read More …

CISA Releases Eight Industrial Control Systems Advisories

CISA has released eight (8) Industrial Control Systems (ICS) advisories on 22 November 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory Read More …

Vulnerable SDK components lead to supply chain risks in IoT and OT environments

Vulnerabilities in network components, architecture files, and developer tools have become increasingly popular attack vectors to gain access into secure networks and devices. External tools and products that are managed by vendors and developers can pose a security risk, especially Read More …

#StopRansomware: Hive Ransomware

As of November 2022, Hive ransomware actors have victimized over 1,300 companies worldwide, receiving approximately US$100 million in ransom payments, according to FBI information. Hive ransomware follows the ransomware-as-a-service (RaaS) model in which developers create, maintain, and update the malware, Read More …

CISA Releases Two Industrial Control Systems Advisories

CISA has released two (2) Industrial Control Systems (ICS) advisories on November 17, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory Read More …

F5 fixes two remote code execution flaws in BIG-IP, BIG-IQ

F5 has released hotfixes for its BIG-IP and BIG-IQ products, addressing two high-severity flaws allowing attackers to perform unauthenticated remote code execution (RCE) on vulnerable endpoints. While these flaws require specific criteria to exist, making them very difficult to exploit, Read More …