A federal grand jury has indicted a former employee of a contractor operating a California town's wastewater treatment facility, alleging that he remotely turned off critical systems and could have endangered public health and safety. 53-year-old Rambler Gallor of Tracy, California, held a full-time position at a Massachusetts company that was contracted by the town of Discovery Bay to operate its water treatment plant. READ MORE...
Revelations that hackers in China used a Microsoft security flaw to execute a highly targeted, sophisticated operation targeting some two dozen entities, including the U.S. commerce secretary, have officials and researchers alike exasperated the company's products have once again been used to pull off an intelligence coup. What's worse, U.S. cybersecurity workers only discovered the operation this week thanks to a premium Microsoft logging service. READ MORE...
Cyber-attacks occur globally, targeting every industry, and business size. As users, authentication, and data move outside of the network, thanks to widespread SaaS adoption, they create a larger attack surface for businesses. The average company uses 254 applications, and more than half are not owned or managed by the IT department. This diminishes the ability to enforce basic security practices, such as multi-factor authentication and password policies. READ MORE...
A computer flying hundreds or even thousands of kilometers in the sky, at a speed of tens of thousands of kilometers an hour, is nonetheless still a computer. And every connected computer has an attack surface. Researchers, nation-states, and even ordinary cybercriminals have long demonstrated how to hijack the control and communications aspects of satellite technology. Just last year, on the day of its ground invasion, Russian hackers caused an outage for the Ukrainian satellite Internet service provider Viasat. READ MORE...
Adobe on Friday announced patches for a critical-severity vulnerability in ColdFusion that could be exploited to achieve arbitrary code execution. Tracked as CVE-2023-38203 (CVSS score of 9.8), the flaw is described as "deserialization of untrusted data" in ColdFusion versions 2023, 2021 and?2018. This typically allows an attacker to supply specially crafted data and trigger the execution of arbitrary code, potentially leading to complete system compromise. READ MORE...
A critical security vulnerability in Cisco's SD-WAN vManage software could allow a remote, unauthenticated attacker to gain read and limited write permissions, and access data. The bug carries a score of 9.1 out of 10 on the CVSS vulnerability-severity scale, and it exists in the vManage API, which is used to monitor and configure Cisco devices running on an overlay network, the company explained. READ MORE...