Smart devices: new law helps citizens to choose secure products
Smart devices: new law helps citizens to choose secure products From 29 April 2024, manufacturers of consumer ‘smart’ devices must...
News
US-CERT Vulnerability Summary for the Week of April 22, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
Active Exploitation of Vulnerabilities in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Products.
Cisco has disclosed three vulnerabilities (CVE-2024-20353, CVE-2024-20359 and CVE-2024-20358) in their Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) products....
Cisco Products Multiple Vulnerabilities
Multiple vulnerabilities were identified in Cisco Products. A remote attacker could exploit some of these vulnerabilities to trigger remote code...
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials
Microsoft Threat Intelligence is publishing results of our longstanding investigation into activity by the Russian-based threat actor Forest Blizzard (STRONTIUM)...
US-CERT Vulnerability Summary for the Week of April 15, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
Palo Alto Products Remote Code Execution Vulnerability
A vulnerability has been identified in Palo Alto Products. A remote attacker can exploit this vulnerability to trigger remote code execution on...
Cryptographic Vulnerability in PuTTY
The PuTTy Project has released a security update to address a cryptographic vulnerability (CVE-2024-31497) in PuTTY.Successful exploitation of this vulnerability...
Cyber Assessment Framework 3.2
Cyber Assessment Framework 3.2 In the two years since the last version of the NCSC Cyber Assessment Framework (CAF) was...
Palo Alto Products Remote Code Execution Vulnerability
A vulnerability has been identified in Palo Alto Products. A remote attacker can exploit this vulnerability to trigger remote code execution on...
Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters
Attackers are constantly seeking new vulnerabilities to compromise Kubernetes environments. Microsoft recently uncovered an attack that exploits new critical vulnerabilities...
Palo Alto Products Remote Code Execution Vulnerability
A vulnerability has been identified in Palo Alto Products. A remote attacker can exploit this vulnerability to trigger remote code execution on...
Critical Vulnerabilities in Ivanti Avalanche
Ivanti has released security updates addressing two critical vulnerabilities (CVE-2024-24996 and CVE-2024-29204) in their Avalanche mobile device management (MDM) products...
Palo Alto Products Remote Code Execution Vulnerability
A vulnerability has been identified in Palo Alto Products. A remote attacker can exploit this vulnerability to trigger remote code execution on...
Oracle Products Multiple Vulnerabilities
Multiple vulnerabilities were identified in Oracle Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service...
US-CERT Vulnerability Summary for the Week of April 8, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
Palo Alto Products Remote Code Execution Vulnerability
A vulnerability has been identified in Palo Alto Products. A remote attacker can exploit this vulnerability to trigger remote code execution on...
Active Exploitation of Critical Vulnerability in Palo Alto Networks PAN-OS Software
Palo Alto Networks has disclosed a critical vulnerability (CVE-2024-3400) affecting their PAN-OS software used in its GlobalProtect gateways. The vulnerability...
How Microsoft discovers and mitigates evolving attacks against AI guardrails
As we continue to integrate generative AI into our daily lives, it’s important to understand the potential harms that can...
Active Exploitation of Vulnerabilities in D-Link Products
D-Link has disclosed two vulnerabilities (CVE-2024-3272 & CVE-2024-3273) in their network-attached storage (NAS) devices. These vulnerabilities are reportedly being actively...
Critical Vulnerability in Rust Standard Library
Rust has released an update to address a critical vulnerability (CVE-2024-24576) affecting the Rust standard library. The vulnerability has a...
Apr 2024 Monthly Patch
Microsoft has released security patches to address multiple vulnerabilities in their software and products.The vulnerabilities that have been classified as...
Interactive administration in the cloud: managing the risks
Interactive administration in the cloud: managing the risks In the NCSC’s cloud platforms guidance (and most recently in our lift...
Multiple Vulnerabilities in HTTP/2 Protocol
A security researcher has disclosed a new Denial-of-Service (DoS) attack method which exploits HTTP/2 protocols affected by a class of...
