Tuesday, December 24, 2024

infosecbulletin

CISA Plans to Measure Trust in Open-Source Software

The United States cyber defense agency is creating a new framework to answer a critical question in cybersecurity: How can the trustworthiness of open-source security projects be accurately measured and transparently communicated? The Cybersecurity and Infrastructure Security Agency is working on the second phase of its open-source software security road …

CVE-2024-6387
Cisco Confirms OpenSSH regreSSHion Flaw in Multiple Products

Cisco warned about a serious security issue called “regreSSHion” (CVE-2024-6387) that affects the OpenSSH server in some Cisco products and cloud services. This could let unauthorized attackers run their own code on affected systems, possibly taking full control of the system. The following table lists Cisco products that are affected …

Threat Actors Exploit Microsoft SmartScreen Vulnerability: Cyble

Cyble Analyzes An Active Campaign Exploiting A Microsoft SmartScreen Vulnerability To Deliver Stealers Via Spam Emails. Key findings:

* Cyble Research and Intelligence Labs (CRIL) recently came across an active campaign exploiting the Microsoft SmartScreen vulnerability (CVE-2024-21412).
* The ongoing campaign targets multiple regions, including Spain, the US, and Australia. …

Emerging Eldorado ransomware focuses on Windows, VMware ESXi VMs

A new ransomware named Eldorado appeared in March and has locker versions for VMware ESXi and Windows. The gang has claimed 16 victims, mostly in the U.S., in various sectors including real estate, education, healthcare, and manufacturing. Researchers from Group-IB observed the activity of Eldorado. They found that the operators …
