(Adobe Stock)

Sierra router vulnerabilities pose hacking risk for critical infrastructure

Laura FrenchDecember 6, 2023

More than 20 new vulnerabilities, including one critical vulnerability, enable denial-of-service attacks, remote code execution and more.

Threat Intelligence: Eyes on the enemy

PODCASTS

RESOURCES

FEATURED

Congratulations to our 2023 SC Media Women in IT Security honorees

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

Leadership

Steve Katz dies; cybersecurity innovator known as ‘World’s First CISO’

Steve ZurierDecember 6, 2023

The former Citibank CISO was well-known as an industry pioneer and for mentoring cybersecurity talent in a most generous way.

Adobe Systems headquarters in Silicon Valley.

Patch/Configuration Management

Unpatched Adobe ColdFusion bug led to double breach of US federal agency

Simon HenderyDecember 6, 2023

Hackers gained initial access to the civilian agency two months after a mandatory deadline to patch the vulnerability had expired.

Email security

US aerospace firm downed by spearphishing attack

Steve ZurierDecember 5, 2023

While AeroBlade’s techniques are more sophisticated in many ways, security pros say the initial attack vector was a common spearphishing attack – something U.S. companies must do a better job protecting against.

Cloud Security

Microsoft blames Russia for ongoing hacks of 9-month-old Exchange bug

Simon HenderyDecember 5, 2023

Ongoing exploitation of unpatched instances of a Microsoft Exchange flaw is being tied to Russia-linked APT28 or Fancy Bear.

Privacy

23andMe confirms nearly 7 million customers affected in data leak

Laura FrenchDecember 4, 2023

The company told SC Media about 14,000 accounts were accessed, with millions more DNA Relatives caught in the crossfire.

Malware

MIPS chips targeted by new P2Pinfect malware in Redis server and IoT-based attacks

Steve ZurierDecember 4, 2023

The move by the threat actors to attack 32-bit MIPS processors reflects an attempt to propagate the P2Pinfect malware to a broader range of targets.

Critical Infrastructure Security

Cyber Av3ngers gang hacks industrial controllers across multiple US states

Simon HenderyDecember 4, 2023

Default passwords enabled the Iranian-linked APT to compromise Israeli-made control systems at water and wastewater facilities, a public aquarium and a brewery.

Application security

Apple issues emergency fixes for 2 WebKit 0-days exploited in the wild

Laura FrenchDecember 1, 2023

iOS 17.1.2, macOS Sonoma 14.1.2 and Safari 17.1.2 updates resolve the vulnerabilities.

Sierra router vulnerabilities pose hacking risk for critical infrastructure

Threat Intelligence: Eyes on the enemy

PODCASTS

RESOURCES

FEATURED

Congratulations to our 2023 SC Media Women in IT Security honorees

Get daily email updates

Perspectives

Why the United States has to rethink its critical infrastructure strategy

Embrace AI and stay competitive, or watch the business fall behind

Lessons from the New Jersey and New York healthcare cyber breaches

SolarWinds lawsuit by SEC puts CISOs in the hot seat

How secure Network-as-a-Service can help network transformation

In Brief

Malvertising leveraged to distribute Cactus ransomware

Exposed Hugging Face API tokens could compromise major orgs

Repojacking attacks against over 15K Go module repositories likely

Cyberattack disclosed by HTC Global Services following ALPHV/BlackCat leak

Florida water agency impacted by cyberattack

More Resources

PCI DSS 4.0: What changes for AppSec?

Key questions to ask when evaluating an identity and access security vendor

Account-opening solutions offer strong returns on investment

7-hour recovery: How an American business beat ransomware

Chargeback protection market set for explosive growth

Steve Katz dies; cybersecurity innovator known as ‘World’s First CISO’

Unpatched Adobe ColdFusion bug led to double breach of US federal agency

US aerospace firm downed by spearphishing attack

Microsoft blames Russia for ongoing hacks of 9-month-old Exchange bug

23andMe confirms nearly 7 million customers affected in data leak

MIPS chips targeted by new P2Pinfect malware in Redis server and IoT-based attacks

Cyber Av3ngers gang hacks industrial controllers across multiple US states

Apple issues emergency fixes for 2 WebKit 0-days exploited in the wild

EVENTS

AI & automation: Redefining and revolutionizing cyber

Unveiling the Hidden Threat: Hybrid Attackers Leveraging Identities to Execute Ransomware

CISO Stories: Balancing IAM Cost, Security, and Experience

A CISOs Guide to Effective Security Practices in Cloud Computing Environments

Ransomware attack lessons, from MOVEit and Doubledrive to MGM/Caesars

Cybersecurity News, Awards, Webinars, eSummits, Research

Sierra router vulnerabilities pose hacking risk for critical infrastructure

Threat Intelligence: Eyes on the enemy

PODCASTS

RESOURCES

FEATURED

Congratulations to our 2023 SC Media Women in IT Security honorees

Get daily email updates

Perspectives

Why the United States has to rethink its critical infrastructure strategy

Embrace AI and stay competitive, or watch the business fall behind

Lessons from the New Jersey and New York healthcare cyber breaches

SolarWinds lawsuit by SEC puts CISOs in the hot seat

How secure Network-as-a-Service can help network transformation

In Brief

Malvertising leveraged to distribute Cactus ransomware

Exposed Hugging Face API tokens could compromise major orgs

Repojacking attacks against over 15K Go module repositories likely

Cyberattack disclosed by HTC Global Services following ALPHV/BlackCat leak

Florida water agency impacted by cyberattack

More Resources

PCI DSS 4.0: What changes for AppSec?

Key questions to ask when evaluating an identity and access security vendor

Account-opening solutions offer strong returns on investment

7-hour recovery: How an American business beat ransomware

Chargeback protection market set for explosive growth

Steve Katz dies; cybersecurity innovator known as ‘World’s First CISO’

Unpatched Adobe ColdFusion bug led to double breach of US federal agency

US aerospace firm downed by spearphishing attack

Microsoft blames Russia for ongoing hacks of 9-month-old Exchange bug

23andMe confirms nearly 7 million customers affected in data leak

MIPS chips targeted by new P2Pinfect malware in Redis server and IoT-based attacks

Cyber Av3ngers gang hacks industrial controllers across multiple US states

Apple issues emergency fixes for 2 WebKit 0-days exploited in the wild

EVENTS

AI & automation: Redefining and revolutionizing cyber

Unveiling the Hidden Threat: Hybrid Attackers Leveraging Identities to Execute Ransomware

CISO Stories: Balancing IAM Cost, Security, and Experience

A CISOs Guide to Effective Security Practices in Cloud Computing Environments

Ransomware attack lessons, from MOVEit and Doubledrive to MGM/Caesars