As the implementation of multi-factor authentication (MFA) becomes prevalent, there is a growing surge in attempts to bypass, breach, and hijack its security measures. Threat actors have increasingly utilized session hijacking in attempts to bypass MFA checkpoints.
This Multi-State Information Sharing and Analysis Center (MS-ISAC) Advisory is being provided to assist agencies and organizations in guarding against the persistent malicious actions of cybercriminals. A vulnerability has been discovered in Zimbra Collaboration...
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)—in partnership with the Cybersecurity and Infrastructure Security Agency (CISA), United States government, and international partners—released the Principles of Operational Technology Cybersecurity.
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user.
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges of the user...
Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow for remote code execution. PHP is a programming language originally designed for use in web-based applications with HTML content. Successful exploitation could allow for remote code execution...
Multiple vulnerabilities have been discovered in Foxit PDF Reader and Editor, the most severe of which could result in arbitrary code execution. Foxit PDF Reader is a multilingual freemium PDF tool that can create, view, edit, digitally sign, and print PDF files.
Octo2, the newest variant of Octo, has been observed in a campaign in several European countries. Originally spotted in 2016 as Exobot, Octo2 has undergone many upgrades and transformations since its humble beginnings as a banking trojan. After Octo’s source code was leaked...
The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert regarding state-sponsored threat actors' attempts to breach critical infrastructure networks. Cyberattacks on water and wastewater systems could have catastrophic impacts. Click to learn more.
October marks the 21st anniversary of Cybersecurity Awareness Month, which is dedicated to raising awareness of the importance of protecting online information through cybersecurity best practices. Cybersecurity Awareness Month is a collaborative effort led by CISA/NCA.
