Tag: advisory
-
Critical Flaw in Progress LoadMaster Allows Attackers to Execute System Commands
in SecurityNews
A series of critical security vulnerabilities have been identified in Progress Software’s LoadMaster application, potentially allowing remote attackers to execute system commands or access sensitive files. CVE-2024-56131, CVE-2024-56132, CVE-2024-56133, CVE-2024-56134, and CVE-2024-56135 affect all current versions of LoadMaster, including Multi-Tenant LoadMaster (MT) deployments, prompting an urgent patch advisory for users. Progress Software has confirmed that no active exploits of these…
-
Hackers breach Microsoft IIS services using Cityworks RCE bug
in SecurityNews
Hackers are exploiting a high-severity remote code execution (RCE) flaw in Cityworks deployments, a GIS-centric asset and work order management software, to execute code on customers’ Microsoft web servers. In a coordinated advisory with the US Cybersecurity and Infrastructure Security Agency (CISA), Cityworks’ developer Trimble said that the vulnerability, tracked as CVE-2025-0994 with CVSS rating…
-
Dell Update Manager Plugin Flaw Exposes Sensitive Data
in SecurityNews
Dell Technologies has issued a security advisory (DSA-2025-047) to address a vulnerability in the Dell Update Manager Plugin (UMP) that could expose sensitive data to malicious actors. The flaw, identified as CVE-2025-22402, is categorized as a low-risk issue but requires immediate attention and remediation for affected users. The vulnerability has been classified as Improper Neutralization of Script-Related HTML Tags…
-
Cisco IOS SNMP Vulnerabilities Allow Attackers to Launch DoS Attacks
in SecurityNews
Cisco has disclosed multiple vulnerabilities in its Simple Network Management Protocol (SNMP) subsystem affecting Cisco IOS, IOS XE, and IOS XR software. These flaws, identified as high-severity, could allow an authenticated remote attacker to trigger Denial-of-Service (DoS) conditions, disrupting network operations. Key Details According to the Cisco Security Advisory ID: cisco-sa-snmp-dos-sdxnSUcW, the vulnerabilities stem from improper…
-
Zyxel won’t patch newly exploited flaws in end-of-life routers
Zyxel has issued a security advisory about actively exploited flaws in CPE Series devices, warning that it has no plans to issue fixing patches and urging users to move to actively supported models. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/zyxel-wont-patch-newly-exploited-flaws-in-end-of-life-routers/
-
It pays to know how your cybersecurity stacks up
in SecurityNews
Like all other business leaders, chief information security officers (CISOs) could find themselves on the unemployment line if something on their watch goes seriously sideways. But what if CISOs simply aren’t demonstrating enough business value? With companies cutting costs, proving cybersecurity programs are good for the business has become vital to protecting budgets and jobs. That’s why…
-
7 tips for improving cybersecurity ROI
in SecurityNews
Tags: advisory, ai, attack, business, ciso, compliance, control, corporate, cyber, cybersecurity, data, defense, detection, exploit, finance, gartner, group, incident response, infrastructure, intelligence, metric, monitoring, network, privacy, resilience, risk, risk-assessment, risk-management, service, siem, software, strategy, technology, threat, tool, vulnerability, waf
When it comes to cybersecurity investments, smart money is directed toward initiatives that deliver the greatest protection at the lowest possible cost. But what appears to be a straightforward calculation can often be anything but. CISOs perennially face challenges securing adequate funding to safeguard the enterprise, placing them often in difficult positions attempting to stretch resources…
-
Sophos finalizes $859 million acquisition of rival Secureworks
in SecurityNews
Sophos has announced the completion of its $859 million acquisition of Secureworks. The deal makes Sophos one of the largest providers of managed detection and response (MDR) services, with the company now supporting more than 28,000 businesses around the world. According to the companies, the acquisition will enable Sophos to offer a best-in-class, open, and scalable…
-
The CISO’s role in advancing innovation in cybersecurity
in SecurityNews
Tags: access, advisory, ai, attack, best-practice, business, ceo, ciso, conference, cyber, cybersecurity, finance, network, phone, risk, startup, strategy, technology, threat, tool
Cybersecurity leaders have an advantage when it comes to innovation given their front seat facing new and old threats. That is why many CISOs are playing an active role in shaping emerging solutions, which also gives them a clear understanding of where current solutions fall short. “CISOs can play a part in supporting innovation by shaping…
-
Former CSRB members largely silent on dismissal
The Cyber Safety Review Board was investigating recent attacks by Chinese state-sponsored threat actor Salt Typhoon when DHS terminated all advisory board memberships. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366618514/Former-CSRB-members-largely-silent-on-dismissal
-
CISA Warns of Flaws in Aircraft Collision Avoidance Systems
in SecurityNews
Hackers Unlikely to Exploit Flaws in The Wild. Security researchers found an unpatchable flaw in the system that prevents commercial aircraft from crashing into each other, the U.S. federal government said in a Tuesday advisory that called the likelihood of its exploitation unlikely outside of a laboratory setting. First seen on govinfosecurity.com Jump to article:…
-
Ivanti CSA exploit chains examined in joint CISA, FBI advisory
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/brief/ivanti-csa-exploit-chains-examined-in-joint-cisa-fbi-advisory
-
Nnice Ransomware Attacking Windows Systems With Advanced Encryption Techniques
in SecurityNews
CYFIRMA’s Research and Advisory team has identified a new strain of ransomware labeled >>Nnice,
-
Cisco patches antivirus decommissioning bug as exploit code surfaces
in SecurityNews
Cisco has patched a denial-of-service (DoS) vulnerability affecting its open-source antivirus software toolkit, ClamAV, which already has a proof-of-concept (PoC) exploit code available to the public. Identified as CVE-2025-20128, the vulnerability stems from a heap-based buffer overflow in the Object Linking and Embedding 2 (OLE2) decryption routine, enabling unauthenticated remote attackers to cause a DoS condition…
-
Cisco Warns of Critical Privilege Escalation Vulnerability in Meeting Management Platform
in SecurityNews
Cisco has issued a security advisory regarding a critical privilege escalation vulnerability found in Cisco Meeting Management. The vulnerability is tied to the REST API component of the platform, and if exploited, it could allow an attacker to escalate their privileges from a low-level authenticated user to an administrator. First seen on thecyberexpress.com Jump to…
-
SonicWall Arbitrary OS Commands Execution Vulnerability Exploited in Attacks
in SecurityNews
Tags: advisory, attack, cve, cvss, cyber, exploit, incident response, security-incident, threat, update, vulnerability
A critical vulnerability in SonicWall’s SMA1000 series tracked as CVE-2025-23006, has come under active exploitation by threat actors. SonicWall’s PSIRT (Product Security Incident Response Team) has issued an urgent advisory urging users to update their systems immediately to mitigate risks. Details of CVE-2025-23006 The vulnerability, which scores an alarming 9.8/10 on the CVSS v3 severity scale, stems from…
-
Cyber Safety Review Board axed in DHS cost-cutting move
in SecurityNews
Benjamine C. Huffman, acting secretary of the Department of Homeland Security under Trump, terminates the memberships for all DHS advisory committees, including the CSRB. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366618188/Cyber-Safety-Review-Board-axed-in-DHS-cost-cutting-move
-
Cisco Warns of Meeting Management API Privilege Escalation Vulnerability
in SecurityNews
Cisco has issued a critical advisory regarding a privilege escalation vulnerability in its Meeting Management REST API. The flaw, tracked as CVE-2025-20156, allows a remote, authenticated attacker with low privileges to elevate their access to administrator-level control on affected devices, posing a significant threat to affected systems. Vulnerability Details The vulnerability stems from improper authorization enforcement…
-
Trump ‘waved a white flag to Chinese hackers’ as Homeland Security axed cyber advisory boards
And: America ‘has never been less secure,’ retired rear admiral tells Congress First seen on theregister.com Jump to article: www.theregister.com/2025/01/22/dhs_axes_cyber_advisory_boards/
-
Trump ‘waved a white flag to Chinese hackers’ as DHS axed cyber advisory boards
in SecurityNews
‘The homeland has never been less secure,’ retired Rear Admiral tells Congress First seen on theregister.com Jump to article: www.theregister.com/2025/01/22/dhs_axes_cyber_advisory_boards/
-
Trump disbands Cyber Safety Review Board, Salt Typhoon inquiry in limbo
in SecurityNews
Tags: advisory, ai, attack, china, cisa, crowdstrike, cyber, cybersecurity, government, group, hacking, healthcare, incident, infrastructure, microsoft, network, ransomware, sbom, service, technology, threat, vulnerability
The administration of US President Donald Trump has dismissed all members of its Cyber Safety Review Board (CSRB), including those investigating the China-linked hacking group Salt Typhoon. Other groups affected by a general clear-out include the AI Safety and Security Board and the National Security Telecommunications Advisory Committee. Cybersecurity experts have expressed concern about the move,…
-
Trump administration disbands DHS board investigating Salt Typhoon hacks
in SecurityNews
Tags: advisory, ai, attack, china, cisa, crowdstrike, cyber, cybersecurity, government, group, hacking, healthcare, incident, infrastructure, microsoft, network, ransomware, sbom, service, technology, threat, vulnerability
The administration of US President Donald Trump has dismissed all members of its Cyber Safety Review Board (CSRB), including those investigating the China-linked hacking group Salt Typhoon. Other groups affected by a general clear-out include the AI Safety and Security Board and the National Security Telecommunications Advisory Committee. Cybersecurity experts have expressed concern about the move,…
-
DHS disbands existing advisory board memberships, raising questions about CSRB
in SecurityNews
The Cyber Safety Review Board was investigating the hacks of U.S. telecom firms attributed to the Salt Typhoon threat group. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/dhs-disbands-advisory-board-csrb/737976/
-
Trump Terminates DHS Advisory Committee Memberships, Disrupting Cybersecurity Review
in SecurityNews
The new Trump administration has terminated all memberships of advisory committees that report to the Department of Homeland Security (DHS). “In alignment with the Department of Homeland Security’s (DHS) commitment to eliminating the misuse of resources and ensuring that DHS activities prioritize our national security, I am directing the termination of all current memberships on…
-
Trump administration dismisses members of all DHS advisory panels, including CSRB
in SecurityNews
The Department of Homeland Security has cleared all its advisory bodies, including the influential Cyber Safety Review Board, of current members, including experts from the private sector. It’s unclear what the panels’ future will be in the Trump administration. First seen on therecord.media Jump to article: therecord.media/trump-dhs-removal-private-sector-members-advisory-boards
-
Trump administration removes private sector leaders from all DHS panels, including CSRB
in SecurityNews
A memo from the acting secretary of Homeland Security cleared all DHS advisory bodies, including the influential Cyber Safety Review Board, of members from the private sector. It’s unclear what their future will be in the Trump administration. First seen on therecord.media Jump to article: therecord.media/trump-dhs-removal-private-sector-members-advisory-boards