CISA released two Industrial Control Systems (ICS) advisories on April 4, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-095-01 Hitachi Energy Asset Suite 9 ICSA-24-095-02 Schweitzer Engineering Laboratories SEL CISA encourages users and administrators to review the…
Aggiornamenti di sicurezza Google risolvono 24 vulnerabilità nei dispositivi Pixel. Di tali vulnerabilità si evidenziano le CVE-2024-29745 e CVE-2024-29748, per le quali il vendor afferma la presenza di evidenze di sfruttamento attivo in rete che potrebbero permettere la divulgazione di informazioni sensibili e la possibilità…
Today, CISA published a new dedicated High-Risk Communities webpage comprised of cybersecurity resources to support civil society communities at heighted risk of digital security threats, including cyber hygiene guidance, a repository of local cyber volunteer programs, and free or discounted tools and services. Despite their…
Rilevate 3 vulnerabilità in alcuni Network Video Recorder (NVR) di Hickvision, di cui una con gravità “alta”. Tale vulnerabilità, qualora sfruttata, potrebbe consentire a un utente autenticato con privilegi amministrativi di eseguire comandi arbitrari sui dispositivi interessati. Source link Author: csirt@pec.acn.gov.it Article used for cyber…
It happens occasionally that a customer has to choose between a Palo and a Forti. While I would always favour the Palo for good reasons, I can understand that the Forti is chosen for cost savings, for example. Fortunately, there is a hidden way of…
Apple released security updates to address a vulnerability (CVE-2024-1580) in Safari and macOS. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary updates: Safari 17.4.1 macOS…
È stata rilevata una campagna di phishing, volta a carpire le credenziali delle potenziali vittime, che esorta l’utente a visualizzare un presunto documento contenente delle fatture da liquidare. Source link Author: csirt@pec.acn.gov.it Article used for cyber security disclosure.
CISA and the open source community are responding to reports of malicious code being embedded in XZ Utils versions 5.6.0 and 5.6.1. This activity was assigned CVE-2024-3094. XZ Utils is data compression software and may be present in Linux distributions. The malicious code may allow…
