CISA is warning us (again) about the threat to critical infrastructure networks
Despite what lessons we thought we learned from Colonial Pipeline, none of those lessons have been able to be put into practice.
Are hardware supply chain attacks “cyber attacks?”
It shouldn’t just be viewed as a cybersecurity issue, because for a hardware supply chain attack, an adversary would likely need to physically infiltrate or tamper with the manufacturing process.
Simple Mail Transfer Pirates: How threat actors are abusing third-party infrastructure to send spam
Many spammers have elected to attack web pages and mail servers of legitimate organizations, so they may use these “pirated” resources to send unsolicited email.
Talos discovers denial-of-service vulnerability in Microsoft Audio Bus; Potential remote code execution in popular open-source PLC
Talos researchers have disclosed three vulnerabilities in OpenPLC, a popular open-source programmable logic controller.
Talk of election security is good, but we still need more money to solve the problem
This year, Congress only allocated $55 million in federal grant dollars to states for security and other election improvements.
We can try to bridge the cybersecurity skills gap, but that doesn’t necessarily mean more jobs for defenders
A June report from CyberSeek found that there are only enough skilled workers to fill 85 percent of cybersecurity jobs in America.
Vulnerability in Acrobat Reader could lead to remote code execution; Microsoft patches information disclosure issue in Windows API
CVE-2024-38257 is considered “less likely” to be exploited, though it does not require any user interaction or user privileges.
Four zero-days included in group of 79 vulnerabilities Microsoft discloses, including one with 9.8 severity score
September’s monthly round of patches from Microsoft included 79 vulnerabilities, seven of which are considered critical.