4 things you can do to minimize cyberattacks on supply and value chains

Supply chain attacks target the weakest spot in most every enterprise’s security program: third-party access. The SolarWinds hack was a classic supply chain attack, compromising downstream organizations in order to traverse the victim’s extended enterprise of customers, suppliers, vendors and other third parties to gain unauthorized access to their on-premises and cloud systems. The hack […]

Continue Reading

The VMware Carbon Black Cloud Workload Patched a Vulnerability

  The VMware Carbon Black Cloud Workload device’s major security vulnerability will indeed permit root access, and the authority to handle most of the solution administration rights. The lately identified vulnerability, trackable as CVE-2021-21982, with a 9.1 CVSS score, remains in the device’s administrative interface and continues to exist because intruders might bypass authentication by […]

Continue Reading

Vulnerabilities in ICS-specific backup solution open industrial facilities to attack

Claroty researchers have found and privately disclosed nine vulnerabilities affecting Rockwell Automation’s FactoryTalk AssetCentre, an ICS-specific backup solution. All of the vulnerabilities have been assigned the maximum (10.0) CVSS v3 base score and, by chaining some of them, an attacker could own a facility’s entire operational technology (OT) network and run commands on server agents […]

Continue Reading

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

FBI and CISA published a joint alert to warn of advanced persistent threat (APT) groups targeting Fortinet FortiOS to access networks of multiple organizations. The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) published a joint alert to warn of attacks carried out by APT groups targeting Fortinet FortiOS servers using multiple exploits. The […]

Continue Reading

DHS CISA requires federal agencies to assess their Microsoft Exchange servers by April 5

The DHS CISA has issued a supplemental directive that requires all federal agencies to identify vulnerable Microsoft Exchange servers in their infrastructure within five days. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a supplemental directive requiring all federal agencies to identify Microsoft Exchange servers in their environments impacted by […]

Continue Reading

Weintek’s HMI Found with Vulnerabilities which can Allow Attackers to Exploit Devices

  Weintek’s human-machine interface (HMI) products include three types of critical vulnerabilities, according to a cybersecurity researcher – who specializes in industrial control systems (ICS).  Customers should download relevant patches and follow measures to mitigate risks, according to a technical advisory posted by the company. The risk of abuse is higher if the devices are […]

Continue Reading

CISA is warning of vulnerabilities in GE Power Management Devices

U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns of flaws in GE Power Management Devices that could allow an attacker to conduct multiple malicious activities on vulnerable systems. U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns of vulnerabilities in GE Power Management Devices that could be exploited by an attacker to conduct multiple malicious activities […]

Continue Reading