Microsoft addressed five critical security vulnerabilities in its September Patch Tuesday update, along with two “important”-rated zero-days under active attack in the wild. In total, Microsoft released 59 new patches addressing bugs across the product gamut: They affect Microsoft Windows, Exchange Server, Office, .NET and Visual Studio, Azure, Microsoft Dynamics, and Windows Defender. The update […]
Espionage actors are continuing to mount attacks on critical national infrastructure (CNI) targets, a trend that has become a source of concern for governments and CNI organizations worldwide. Symantec’s Threat Hunter Team has found evidence that a threat actor group Symantec calls Redfly used the ShadowPad Trojan to compromise a national grid in an Asian […]
Sep 13, 2023THNVulnerability / Browser Security Mozilla on Tuesday released security updates to resolve a critical zero-day vulnerability in Firefox and Thunderbird that has been actively exploited in the wild, a day after Google released a fix for the issue in its Chrome browser. The shortcoming, assigned the identifier CVE-2023-4863, is a heap buffer overflow […]
The US government has ordered all federal civilian agencies to patch a critical vulnerability in Apache RocketMQ, which is currently being exploited in the wild. The US Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2023-33246 to its Known Exploited Vulnerabilities Catalog. It means government agencies have until September 27 to apply a vendor patch to affected […]
Security researchers have discovered what they described as a critical vulnerability in the relatively widely used PHPFusion open source content management system (CMS). The authenticated local file inclusion flaw, identified as CVE-2023-2453, allows for remote code execution if an attacker can upload a maliciously crafted “.php” file to a known path on a target system. […]
ASUS routers are affected by three critical remote code execution flaws Pierluigi Paganini September 06, 2023 Three critical remote code execution vulnerabilities in ASUS routers potentially allow attackers to hijack the network devices. ASUS routers RT-AX55, RT-AX56U_V2, and RT-AC86U are affected by three critical remote code execution vulnerabilities that can potentially allow threat actors to […]
Sep 06, 2023THNCyber Attack / Critical Infrastructure The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday said it thwarted a cyber attack against an unnamed critical energy infrastructure facility in the country. The intrusion, per the agency, started with a phishing email containing a link to a malicious ZIP archive that activates the infection […]
The Police Service of Northern Ireland (PSNI) suffered a “critical incident” on August 8, after the personally identifying information for all of its employees was published online. The “monumental” data breach occurred when data was mistakenly posted online following a Freedom of Information (FoI) request. A database, which included the surname, initials, rank/grade, role and […]
What is critical infrastructure? Critical infrastructure is the collection of systems, networks and public works that a government considers essential to its functioning and safety of its citizens. The specific infrastructure that each nation considers critical varies. It usually includes electrical grids, public services and communication systems. Special attention must be given to protect critical […]