CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, featuring two Draytek VigorConnect issues and one Kingsoft WPS Office flaw. BOD 22-01 urges federal agencies to fix these vulnerabilities promptly to thwart cyber threats. Prioritize timely remediation to keep those pesky cyber gremlins at bay!

View CSAF: LOYTEC electronics GmbH’s LINX series is under siege! With vulnerabilities including Cleartext Transmission of Sensitive Information, Missing Authentication for Critical Function, and Improper Access Control, even a cyber-rookie could wreak havoc. Update your firmware, follow the security guidelines, and, for heaven’s sake, stop using HTTP!

CISA released an ICS advisory on September 3, 2024. Stay informed about current security issues, vulnerabilities, and exploits in Industrial Control Systems.

Cisco Finesse and friends have an unauthenticated access vulnerability that’s basically an open door for remote attackers. The fix? A software update from Cisco, because the only workaround is wishing you had installed it sooner.

Unlocking the mysteries of protected Word documents involves diving into the word/settings.xml file and locating the w:documentProtection element. While the hash algorithm matches that of OOXML spreadsheets, don’t expect hashcat to save the day—Word passwords are encoded differently. A legacy algorithm and a Python script might just be your new best friends!

CISA sounds the alarm on four new ICS vulnerabilities. These advisories are your golden ticket to staying one step ahead of cyber threats. Don’t miss the technical details and mitigations!

Dive into the ISC Stormcast for Wednesday, September 4th, 2024, where cyber threats are scarier than your boss’s PowerPoint presentations!

New IP address functions have debuted in Wireshark 4.4, but Windows users beware: version 4.4.0 lacks the crucial DLL. Linux and Mac users, you’re in the clear.

Security vulnerabilities fixed in Thunderbird 128.2 include high-impact issues like CVE-2024-8394, which could cause a crash when aborting OTR chat verification, and CVE-2024-8385, involving WASM type confusion. Thunderbird users, update now to stay protected!

Baxter’s Connex Health Portal has a CVSS v3.1 score of 10.0 due to SQL Injection and Improper Access Control vulnerabilities. Hackers could remotely exploit these issues to mess with sensitive data or shut down databases faster than you can say “cybersecurity nightmare.”

Tune into the ISC Stormcast for Wednesday, September 11th, 2024, where we navigate cyber threats with the precision of a caffeinated squirrel on a power line. Get the latest updates and stay ahead of the game!

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, including CVE-2024-43491. These vulnerabilities are prime targets for cybercriminals, posing significant risks to federal enterprises.

CISA drops a quartet of ICS advisories, revealing the latest security plot twists in the world of Industrial Control Systems. Users and admins, grab your popcorn and review these bulletins for crucial details and mitigations!

Attention, defenders of the cyber realm! AutomationDirect’s DirectLogic H2-DM1E is under siege by session fixation and authentication bypass vulnerabilities. With a CVSS v4 score of 8.7, these weaknesses could allow an attacker to hijack sessions faster than you can say “network segmentation.” Upgrade to the BRX platform and keep the hackers at bay!

CISA will stop updating ICS security advisories for Siemens product vulnerabilities after the initial notice. For the freshest scoop, check out Siemens’ ProductCERT Security Advisories.

CISA will no longer update ICS security advisories for Siemens product vulnerabilities. For current details, consult Siemens’ ProductCERT Security Advisories.

CISA will stop updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory as of January 10, 2023. For the latest info, check Siemens’ ProductCERT Security Advisories. In short: if you want the scoop on vulnerabilities, Siemens is now your go-to, not CISA.

View CSAF: Rockwell Automation’s 5015-U8IHFT I/O module has an improper input validation flaw, CVE-2024-45825, with a CVSS v4 score of 8.7. Exploitable remotely, it can cause a denial-of-service. Update to version 2.011 or follow best practices to mitigate risks.

Attention all ControlLogix and CompactLogix users: there’s a new vulnerability in town! With a CVSS score of 8.7, this flaw in Rockwell Automation devices could leave your systems as unresponsive as a Monday morning. Make sure to update your software or risk a factory reset headache!

CISA will stop updating ICS security advisories for Siemens product vulnerabilities as of January 10, 2023. For the latest info, check Siemens’ ProductCERT Security Advisories.