Cyber vulnerability in networks used by spacecraft, aircraft and energy generation systems

A major vulnerability in a networking technology widely used in critical infrastructures such as spacecraft, aircraft, energy generation systems and industrial control systems was exposed by researchers at the University of Michigan and NASA. It goes after a network protocol Read More …

CISA Has Added One Known Exploited Vulnerability to Catalog   

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: To Read More …

NSA to developers: Think about switching from C and C++ to a memory safe programming language

The National Security Agency (NSA) is urging developers to shift to memory safe languages – such as C#, Go, Java, Ruby, Rust, and Swift – to protect their code from remote code execution or other hacker attacks. Of the languages Read More …

CISA Releases SSVC Methodology to Prioritize Vulnerabilities

Today CISA published its guide on Stakeholder-Specific Vulnerability Categorization (SSVC), a vulnerability management methodology that assesses vulnerabilities and prioritizes remediation efforts based on exploitation status, impacts to safety, and prevalence of the affected product in a singular system. As stated Read More …

iPhone iOS 16.1.1 fixes two security vulnerabilities – time to update

Apple has released an update that protects users against two security vulnerabilities that could affect iPhones and iPads. The iOS 16.1.1 and iPadOS 16.1.1 software update comes two weeks after the release of iOS 16.1 for all iPhone and iPad Read More …

Microsoft fixes ProxyNotShell Exchange zero-days exploited in attacks

Microsoft has released security updates to address two high-severity Microsoft Exchange zero-day vulnerabilities collectively known as ProxyNotShell and exploited in the wild. Attackers have been chaining the two security flaws to deploy Chinese Chopper web shells on compromised servers for Read More …

CISA Adds Seven Known Exploited Vulnerabilities to Catalog

CISA has added seven vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view Read More …

China is likely stockpiling and deploying vulnerabilities, says Microsoft

Microsoft has asserted that China’s offensive cyber capabilities have improved, thanks to a law that has allowed Beijing to create an arsenal of unreported software vulnerabilities. China’s 2021 law required organizations to report security vulnerabilities to local authorities before disclosing Read More …