The Information Highway

The Information Highway

Kemp LoadMaster and VMware vCenter vulnerabilities

Threat-Advisory-Banner3

Threat update

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added critical vulnerabilities in Progress Kemp LoadMaster (CVE-2024-1212) and VMware vCenter Server (CVE-2024-38812, CVE-2024-38813) to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities allow attackers to execute arbitrary commands, gain remote code execution (RCE), and escalate privileges. Continue reading this Cybersecurity Threat Advisory to reduce your risk of exploitation from these vulnerabilities. 

Continue reading
  108 Hits

FBI tells public to ignore false claims of hacked voter data

CISA

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are alerting the public of false claims that the U.S. voter registration data has been compromised in cyberattacks.

Continue reading
  369 Hits

CISA warns of Windows bug exploited in ransomware attacks

Windows

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Windows vulnerability abused in ransomware attacks as a zero-day to its catalog of actively exploited security bugs.

Continue reading
  561 Hits

CISA warns of hackers exploiting Chrome, EoL D-Link bugs

CISA

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three security vulnerabilities to its 'Known Exploited Vulnerabilities' catalog, one impacting Google Chrome and two affecting some D-Link routers.

Continue reading
  653 Hits

CISA makes its "Malware Next-Gen" analysis system publicly available

CISA_headpic

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new version of "Malware Next-Gen," now allowing the public to submit malware samples for analysis by CISA.

Continue reading
  749 Hits

CISA cautions against using hacked Ivanti VPN gateways even after factory resets

CISA-red-flare

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed today that attackers who hack Ivanti VPN appliances using one of multiple actively exploited vulnerabilities may be able to maintain root persistence even after performing factory resets.

Continue reading
  831 Hits

CISA warns of actively exploited bugs in Chrome and Excel parsing library

CISA_headpic

The U.S. Cybersecurity and Infrastructure Security Agency has added two vulnerabilities to the Known Exploited Vulnerabilities catalog, a recently patched flaw in Google Chrome and a bug affecting an open-source Perl library for reading information in an Excel file called Spreadsheet::ParseExcel.


Continue reading
  818 Hits

CISA urges tech manufacturers to stop using default passwords

0_CISA

Today, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged technology manufacturers to stop providing software and devices with default passwords. 

Continue reading
  952 Hits

Hackers breach US govt agencies using Adobe ColdFusion exploit

CISA

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about hackers actively exploiting a critical vulnerability in Adobe ColdFusion identified as CVE-2023-26360 to gain initial access to government servers. 

Continue reading
  845 Hits

Hackers breach US water facility via exposed Unitronics PLCs

Water_treatment_US

CISA (Cybersecurity & Infrastructure Security Agency) is warning that threat actors breached a U.S. water facility by hacking into Unitronics programmable logic controllers (PLCs) exposed online. 

Continue reading
  938 Hits

CISA warns of actively exploited Windows, Sophos, and Oracle bugs

CISA_headpic

The U.S. Cybersecurity & Infrastructure Security Agency has added to its catalog of known exploited vulnerabilities (KEV) three security issues that affect Microsoft devices, a Sophos product, and an enterprise solution from Oracle. 

Continue reading
  835 Hits

CISA shares vulnerabilities, misconfigs used by ransomware gangs

CISA

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has unveiled additional details regarding misconfigurations and security vulnerabilities exploited by ransomware gangs, aiming to help critical infrastructure organizations thwart their attacks. 

Continue reading
  1346 Hits

NSA and CISA reveal top 10 cybersecurity misconfigurations

Hacker

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) revealed today the top ten most common cybersecurity misconfigurations discovered by their red and blue teams in the networks of large organizations. 

Continue reading
  897 Hits

CISA warns of critical Apache RocketMQ bug exploited in attacks

CISA

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added to its catalog of known exploited vulnerabilities (KEV) a critical–severity issue tracked as CVE-2023-33246 that affects Apache's RocketMQ distributed messaging and streaming platform. 

Continue reading
  963 Hits

CISA: New Whirlpool backdoor used in Barracuda ESG hacks

Barracuda-Whirlpool

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has discovered that the backdoor malware named 'Whirlpool' used in attacks on compromised Barracuda Email Security Gateway (ESG) devices. 

Continue reading
  950 Hits

Top Breaches Of 2023

Customers Affected In T-Mobile Breach
Accounts Affected In MOVEit Breach
Customers Affected In MCNA Insurance Data Breach
Individuals Affected In PharMerica Data Breach
Users Affected In ChatGPT Major Data Breach
*Founder Shield End of Year 2023