“Our customers are our utmost priority and we are wholeheartedly dedicated to safe guarding their interests. It has come to our notice that about 17,000 new credit cards which were issued in the past few days were erroneously mapped in our digital channels to wrong users. They constitute about 0.1% …
Read More »
CISA issued eight advisories about Industrial Control Systems (ICS) on April 25, 2024. The advisories share important information about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-116-01 Multiple Vulnerabilities in Hitachi Energy RTU500 Series ICSA-24-116-02 Hitachi Energy MACH SCM ICSA-24-116-03 Siemens RUGGEDCOM APE1808 Devices Configured with Palo Alto Networks …
Read More »
In April 2023, CISA kicked off our Secure by Design initiative, the agency’s effort to shift the responsibility of security from end users to technology manufacturers, in line with the National Cybersecurity Strategy. As with any major milestone, it’s useful to pause for some self-reflection over a year’s worth of …
Read More »
CISA published two advisories about Industrial Control Systems (ICS) on April 23, 2024. The advisories give important details about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-051-03 Mitsubishi Electric Electrical Discharge Machines (Update A): Successful exploitation of this vulnerability could allow an attacker to disclose, tamper with, destroy, or …
Read More »
After three years of research, an international team has created the first ‘World Cybercrime Index’, which ranks the most significant sources of cybercrime at a national level. The PLOS ONE journal’s Index, reveals that a few countries pose the biggest cybercrime threat. Russia is the top, followed by Ukraine, China, …
Read More »
CISA, FBI, Europol’s EC3, and NCSC-NL released a joint Cybersecurity Advisory called #StopRansomware: Akira Ransomware. It shares known tactics, techniques, and procedures of Akira ransomware, as well as indicators of compromise from FBI investigations up until February 2024. Akira threat actors started with Windows systems but shifted to Linux for …
Read More »
18 companies in Sweden pretended to be legitimate data centers for AI or other activities, but actually evaded taxes and exploited tax incentives to mine cryptocurrency. The Swedish tax agency Skatteverket is requiring almost 1 billion kronor ($91 million) in extra taxes. The Swedish Tax Agency audited 21 companies running …
Read More »
Utilizing Fortinet’s FortiClient EMS a news campaign has emerged. According to Vedere labs of forescout’s report this campaign leverages a critical vulnerability identified as CVE-2023-48788 and The campaign has been active since at least 2022 as stated the report. CVE-2023-48788: According to the official documentation, FortiClient Enterprise Management Server (EMS) …
Read More »
The NSA AISC recently released a cybersecurity information sheet called “Deploying AI Systems Securely”. This sheet was developed in partnership with CISA, the FBI, ASD ACSC, CCCS, NCSC-NZ, and NCSC-UK. The guidance provides best practices for deploying and operating externally developed artificial intelligence (AI) systems and aims to: Improve the …
Read More »
Checkmarx researchers found that hackers are using GitHub search results to distribute long-lasting malware to developers’ computers. The attackers in this campaign make harmful repositories with popular names and topics. They use techniques like automated updates and fake stars to improve search rankings. “By leveraging GitHub Actions, the attackers automatically …
Read More »
InfoSecBulletin Cybersecurity for mankind