Courtesy of the Cybersecurity and Infrastructure Security Agency’s Cybersecurity Education and Training Assistance Program (CETAP) grant, the program will include a series of summer camps meant to introduce students aged 13 to 21 to key cybersecurity topics and help them develop skills that will allow them to pursue potential careers in the industry. The program…

The 2022 CWE Top 25 Most Dangerous Software Weaknesses list contains the most common and impactful weaknesses, and is based on the analysis of nearly 38,000 CVE records from the previous two years. Out-of-bounds write and cross-site scripting (XSS) remain the two most dangerous vulnerabilities. Some of the most significant changes include race conditions moving…

Teachers unable to get paychecks. Tax and customs systems paralyzed. Health officials unable to access medical records or track the spread of COVID-19. A country’s president declaring war against foreign hackers saying they want to overthrow the government. For two months now, Costa Rica has been reeling from unprecedented ransomware attacks disrupting everyday life in…

CyberCatch today announced the publication of its quarterly Small and Medium-Sized Businesses Vulnerabilities Report (SMBVR) for Q1 2022 to alert small and medium-sized businesses (SMBs) to an alarming rise in vulnerabilities detected in Internet-facing websites, servers and applications. Of greatest concern, CyberCatch’s SMBVR has detected – for the first time in the report’s history —…

Motorola described the Public Safety Threat Alliance (PSTA) as an information sharing and analysis organization (ISAO) and noted that it’s recognized by the US Cybersecurity and Infrastructure Security Agency (CISA), which serves as its National Coordinator for Critical Infrastructure Security and Resilience. The PSTA is open to all public safety agencies. Its role is to…

The FBI in March targeted and disabled the command and control communications of a botnet controlled by the infamous Russian General Staff Main Intelligence Directorate (GRU) hacking team Sandworm, the US Department of Justice (DoJ) announced today. The botnet used WatchGuard Technologies and ASUSTek Computer (ASUS) firewalls compromised with the so-called Cyclops Blink malware, which…

An advisory released earlier this month by Japan’s JPCERT/CC revealed that the product is affected by five use-after-free and out-of-bounds vulnerabilities, all with a CVSS score of 7.8. CX-Programmer, which is part of Omron’s CX-One automation software suite, is designed for programming and debugging Omron programmable logic controllers (PLCs). According to the U.S. Cybersecurity and…

One of these is CVE-2022-24086, a critical-severity (CVSS score 9.8) vulnerability in Adobe Commerce and Magento. Described as an improper input validation bug, the security hole can be exploited to achieve remote code execution, without authentication. On Sunday, Adobe released an emergency advisory to warn that it had observed very limited attacks targeting CVE-2022-24086. The…

Tracked as CVE-2021-36260 and affecting over 70 cameras and NVRs from Hikvision, the critical-severity bug can be exploited to gain root access and completely take over vulnerable devices, without any form of user interaction. Hikvision released patches for the vulnerability on September 18 and, shortly after, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) alerted…