Teachers unable to get paychecks. Tax and customs systems paralyzed. Health officials unable to access medical records or track the spread of COVID-19. A country’s president declaring war against foreign hackers saying they want to overthrow the government. For two months now, Costa Rica has been reeling from unprecedented ransomware attacks disrupting everyday life in…

CyberCatch today announced the publication of its quarterly Small and Medium-Sized Businesses Vulnerabilities Report (SMBVR) for Q1 2022 to alert small and medium-sized businesses (SMBs) to an alarming rise in vulnerabilities detected in Internet-facing websites, servers and applications. Of greatest concern, CyberCatch’s SMBVR has detected – for the first time in the report’s history –…

Motorola described the Public Safety Threat Alliance (PSTA) as an information sharing and analysis organization (ISAO) and noted that it’s recognized by the US Cybersecurity and Infrastructure Security Agency (CISA), which serves as its National Coordinator for Critical Infrastructure Security and Resilience. The PSTA is open to all public safety agencies. Its role is to…

The FBI in March targeted and disabled the command and control communications of a botnet controlled by the infamous Russian General Staff Main Intelligence Directorate (GRU) hacking team Sandworm, the US Department of Justice (DoJ) announced today. The botnet used WatchGuard Technologies and ASUSTek Computer (ASUS) firewalls compromised with the so-called Cyclops Blink malware, which…

An advisory released earlier this month by Japan’s JPCERT/CC revealed that the product is affected by five use-after-free and out-of-bounds vulnerabilities, all with a CVSS score of 7.8. CX-Programmer, which is part of Omron’s CX-One automation software suite, is designed for programming and debugging Omron programmable logic controllers (PLCs). According to the U.S. Cybersecurity and…

One of these is CVE-2022-24086, a critical-severity (CVSS score 9.8) vulnerability in Adobe Commerce and Magento. Described as an improper input validation bug, the security hole can be exploited to achieve remote code execution, without authentication. On Sunday, Adobe released an emergency advisory to warn that it had observed very limited attacks targeting CVE-2022-24086. The…

Tracked as CVE-2021-36260 and affecting over 70 cameras and NVRs from Hikvision, the critical-severity bug can be exploited to gain root access and completely take over vulnerable devices, without any form of user interaction. Hikvision released patches for the vulnerability on September 18 and, shortly after, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) alerted…

The executive order on improving the nation’s cybersecurity tasked CISA with developing playbooks for federal civilian agencies to help them plan and conduct vulnerability and incident response. While the playbooks have been created for federal civilian agencies and their contractors, CISA says the information could also be useful to critical infrastructure organizations and private sector…

Last month we celebrated the 18th year of Cybersecurity Awareness Month, which was previously known as National Cybersecurity Awareness Month. Under the slogan “Do Your Part. #BeCyberSmart”, the Cybersecurity and Infrastructure Security Agency (CISA) together with the National Cyber Security Alliance (NCSA) each year encourage individuals and organizations to own their role in protecting…