Search

Industrial networking device maker Moxa on Jan. 3 released patches for two bugs in its cellular routers, secure routers, and network security appliances, many of which operate in the critical infrastructure sector. One of the bugs — CVE-2024-9140 — was a critical 9.3 flaw that could potentially ...

Siemens disclosed a critical vulnerability in an old power measuring device that enables a remote attacker to gain administrator access by brute-forcing a four-digit PIN. The flaw, tracked as CVE-2024-41798, affects the SENTRON 7KM PAC3200 model of energy monitoring devices and has a CVSS score ...

BSA The Software Alliance has urged G7 member countries to harmonize cloud security certification standards, reports TechXplore. The initiative aims to reduce compliance burdens for cloud service providers and foster international cooperation while maintaining strong security standards. BSA, whi...

GitLab has patched a second critical vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE) that could allow attackers to run pipelines as arbitrary users. The vulnerability, tracked as CVE-2024-6385, was fixed in a critical patch release Wednesday and is similar to another f...

Major product lifecycle management software provider PTC has released a fix for a maximum severity vulnerability impacting a license server of its widely used Creo Elements/Direct modeling CAD software, tracked as CVE-2024-6071, reports SecurityWeek. There has been no evidence suggesting any act...

Increasingly prevalent cybersecurity threats against the energy supply chain have prompted the U.S. and other Group of Seven countries to commit to the development of a cybersecurity framework for operational technologies used in managing oil, electricity, and natural gas systems worldwid...

SecurityWeek reports that Siemens confirmed that its Ruggedcom APE1808 devices configured with a Palo Alto Networks virtual next-generation firewall may be impacted by the actively exploited Palo Alto Networks firewall vulnerability, tracked as CVE-2024-3400. Such a development comes after attac...

About this series In 2023, the cybersecurity landscape changed in three significant ways. The Securities and Exchange Commission cut the allowed reporting period following a security breach to just four days. Artificial intelligence began to be used in cyberattacks. And after retreating in 2022,...

New York-based nonprofit health providers Carthage Area Hospital and Claxton-Hepburn Medical Center have reported persistent challenges in restoring systems disrupted by cyberattacks earlier this month claimed by the LockBit ransomware operation, which has warned leaking the data should the hospita...

U.S. radiation oncology treatment and software manufacturer Varian Medical Systems and Southwest Texas-based healthcare provider United Medical Centers are the latest healthcare organizations claimed to have been compromised by the LockBit ransomware operation, according to The Record, a news site b...