Security CERT Global
- CISA Adds One Known Exploited Vulnerability to Catalog
- Ubuntu Security Update
- Mageia Security Update
- Oracle Linux Security Update
- SUSE Security Update
- HP Security Update
- Foxit Security Update
- OpenSSL Security Update
- DebianOS Security Update
- Dell Security Update
- Chrome Security Update
- CVE-2023-32318 (nextcloud_server)
- CERTFR-2023-AVI-0430 : Multiples vulnérabilités dans Stormshield Network Security (02 juin 2023)
- CERTFR-2023-AVI-0428 : Multiples vulnérabilités dans les produits Splunk (02 juin 2023)
- CERTFR-2023-AVI-0429 : Multiples vulnérabilités dans le noyau Linux d’Ubuntu (02 juin 2023)
- CERTFR-2023-AVI-0431 : Vulnérabilité dans le noyau Linux de RedHat (02 juin 2023)
- CERT-SE:s veckobrev v.22
- 0-klik-hackangreb mod iOS-brugere
- ESB-2023.3151 - [Win][UNIX/Linux] Splunk Enterprise and Cloud Platform: CVSS (Max): 8.8
- ESB-2023.3147 - [Win][UNIX/Linux] Splunk App: CVSS (Max): 4.7
- ESB-2023.3148 - [Win][UNIX/Linux] Splunk Enterprise and Cloud Platform: CVSS (Max): 4.8
- ESB-2023.3152 - [Win][UNIX/Linux] Google Chrome: CVSS (Max): 8.8*
- ESB-2023.3149 - [Win][UNIX/Linux] Splunk App for Stream: CVSS (Max): 7.8
- ESB-2023.3143 - [Win][UNIX/Linux] Splunk Enterprise: CVSS (Max): 9.8*
- ESB-2023.3153 - [SUSE] kubernetes1.18: CVSS (Max): None
- ESB-2023.3146 - [Win][UNIX/Linux] Universal Forwarders: CVSS (Max): 9.8
- ESB-2023.3150 - [Win][UNIX/Linux] Splunk Enterprise and Cloud Platform : CVSS (Max): 7.2
- ESB-2023.3145 - [Win][UNIX/Linux] Splunk App: CVSS (Max): 8.1
- ESB-2023.3144 - [Win][UNIX/Linux] Splunk Enterprise and Cloud Platform: CVSS (Max): 4.3
- ESB-2023.3131 - [SUSE] openssl-1_1: CVSS (Max): 6.5
- ESB-2023.3134 - Splunk EnterpriseCVSS (Max): 5.4
- ESB-2023.3141 - [Win][UNIX/Linux] Splunk Enterprise and Cloud Platform: CVSS (Max): 4.3
- ESB-2023.3132 - [SUSE] ImageMagick: CVSS (Max): 3.3
- ESB-2023.3138 - [Appliance] Advantech WebAccess/SCADA: CVSS (Max): 7.2
- ESB-2023.3133 - [Debian] cups: CVSS (Max): 5.9
- ESB-2023.3139 - netatalk: CVSS (Max): 9.8
- ESB-2023.3140 - [Win][UNIX/Linux] Splunk Enterprise: CVSS (Max): 3.4
- ESB-2023.3136 - [Win][Linux] Splunk Cloud: CVSS (Max): None
- ESB-2023.3130 - [SUSE] ImageMagick: CVSS (Max): 7.5
- ESB-2023.3135 - [Win][UNIX/Linux] Splunk Enterprise and Cloud Platform: CVSS (Max): 6.5
- ESB-2023.3142 - [Win][UNIX/Linux] Splunk Enterprise and Cloud Platform: CVSS (Max): 7.7
- ESB-2023.3129 - [SUSE] openssl-1_1: CVSS (Max): 6.5
- ESB-2023.3137 - [Appliance] HID Global SAFE: CVSS (Max): 7.3
- CVE-2022-45938
- CVE-2023-28147
- CVE-2023-27745
- CVE-2023-29725
- CVE-2016-15032
- CVE-2023-29724
- CVE-2023-27744
SEC Security Report September 2017
SEC Security Report September 2017: Editor Picks: News Intelligence Alerts Reports
WannaCry Post Mortem: Early Warning Indicators and Lessons Learned for the Healthcare Industry
As the saying goes, “those who don’t learn from history are doomed to repeat it.” Some very recent history that’s worth tuning in to is the story of the WannaCry attacks that took place this past April and May. ….
Source: https://blog.hitrustalliance.net/wannacry-post-mortem-early-warning-indicators-lessons-learned-healthcare-industry/
The State of SCADA HMI Vulnerabilities
Attacking SCADA Through HMIs: SCADA systems run the world’s various critical infrastructure sectors and are thus inherently attractive to different threat actors. Threat actors can use their access to SCADA systems to gather information such as a facility’s layout, critical thresholds, or device settings for use in later attacks.
Source: https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/the-state-of-scada-hmi-vulnerabilities
The future of being human
One of our great debates is whether we are on the cusp of a robot-and-artificial intelligence apocalypse that renders many humans jobless, at least in the sense of work as we know it today: Is super-human intelligence coming soon? Is it coming at all? Are humans in danger? The reality is that, despite great certitude on all sides, no one really knows…
Source: https://www.axios.com/the-future-of-being-human-2476364075.html
GE shifts strategy, financial targets for digital business after missteps
“There was a lot of money spent on Predix,” said a former senior financial executive at GE who worked with Flannery. “They are going to tighten the grip and ensure there’s a return.”
Source: https://www.reuters.com/article/us-ge-digital-outlook-insight/ge-shifts-strategy-financial-targets-for-digital-business-after-missteps-idUSKCN1B80CB
How Machine Learning Enhances The Value Of Industrial Internet of Things
Industrial Internet of Things (IIoT) is already revolutionizing domains such as manufacturing, automobiles and healthcare. But the real value of IIoT will be realized only when Machine Learning (ML) is applied to the sensor data.
Source: https://www.forbes.com/sites/janakirammsv/2017/08/27/how-machine-learning-enhances-the-value-of-industrial-internet-of-things/#c30569b3f389
Threat Intelligence’s Big Data Problem
Security teams are drowning in often useless threat intel data, but signs of maturity are emerging in what IT-Harvest predicts will be a $1.5 billion market by 2018.
Source: https://www.darkreading.com/threat-intelligence/threat-intelligences-big-data-problem/d/d-id/1324702
SANS Institute Survey Finds Unprotected Devices and Ransomware are Top Threats to Industrial Control Systems
SANS Institute’s annual survey of industrial control systems (ICS) has revealed that the introduction of unprotected devices into sensitive ICS networks and ransomware are now among the top threats that organizations face in securing critical infrastructure. In addition, 69% of respondents stated that the level of threats to control systems is now high or severely critical.
Source: http://www.globalsecuritymag.com/SANS-Institute-Survey-Finds,20170814,73115.html
What Is Threat Intelligence? Definition and Examples
Everybody in the security world knows the term “threat intelligence.” At this point, even some non-security folks have started talking about it. But it’s still very poorly understood.
Source: https://www.recordedfuture.com/threat-intelligence-definition/
Ukraine Cyberattack Was Meant to Paralyze, not Profit, Evidence Shows
Cybersecurity experts based their reasoning partly on having identified the group of Ukrainian users who were initially and improbably targeted: tax accountants.
Source: https://www.nytimes.com/2017/06/28/world/europe/ukraine-ransomware-cyberbomb-accountants-russia.html
Shodan and Censys: the ominous guides through the Internet of Things Snapchat caught in phishing campaign
Look around — we are living in the Internet of Things. In our day-to-day life, we encounter things connected to the Internet, starting with our home Wi-Fi routers and leading up to traffic light management systems and street security cameras. Since they are connected, all of them can be found in two worlds — both in the real world and in the Web.
Source: https://www.kaspersky.com/blog/shodan-censys/11430/
Tags: Automation,Big Data,Critical Infrastructure,CyberSecurity,HMI Vulnerabilities,IIot,Industrial Control Systems,Machine Learning,Predix,SCADA,Threat Intelligence,WannaCry,