cybersecurity

Microsoft recently addressed a critical vulnerability (CVE-2024-30085) affecting Windows 11 (version 23H2). This alarming flaw, demonstrated in the highly competitive TyphoonPWN 2024 cybersecurity event, allows attackers to escalate their access privileges to the SYSTEM level—essentially...

If you’re a Windows user, especially one using Microsoft Edge or alternatives powered by Chromium, take note: A new security vulnerability, identified as CVE-2024-12693, has been patched. This one tackles an out-of-bounds memory access issue in Chromium's V8 JavaScript engine. If "V8" sounds...

December 19, 2024—If the Cybersecurity and Infrastructure Security Agency (CISA) is your go-to for safeguarding your digital existence, you’ll want to lean into their latest warning. Buckle up, folks: CISA’s Known Exploited Vulnerabilities (KEV) Catalog has a new addition that could keep IT...

Imagine this: you're in the middle of a hectic day, an email lands in your inbox claiming to be from DocuSign or HubSpot, labeled with an urgent "Please view document" message. It looks professional, legit even, but as you click the link, you're unknowingly offering cybercriminals the keys to...

You’ve got mail! It’s from DocuSign, and it looks super legit—a fresh PDF file buzzing with urgency. But spoiler alert, not every DocuSign request deserves a click. If you’re in Europe (or monitor the IT landscape there), brace yourself: a sophisticated phishing campaign is targeting over 20,000...

Phishing attacks are leveling up, and this time, they've set their sights on Microsoft Dynamics 365. What makes this story particularly alarming? Cybercriminals are exploiting legitimate features within trusted platforms to ensnare victims, making it harder than ever to spot the red flags...

If you thought phishing was stuck sending shady attachments through email, think again. Today’s cybercriminals are crafting smarter, more insidious attacks, like the recent HubPhish campaign. This targeted operation leveraged none other than HubSpot, a widely trusted marketing and sales...

Attention all WindowsForum.com members! A new cybersecurity alert has been issued regarding a critical vulnerability in the Tibbo AggreGate Network Manager—a product widely used in communications and critical manufacturing industries. If you manage industrial control systems (ICS) or are...

Attention, folks in the healthcare sector and tech enthusiasts! Ossur's Mobile Logic Application, a tool critical within the public health sector, has been flagged for multiple vulnerabilities that put sensitive systems at risk of exploitation. This advisory, issued by CISA, shines a spotlight...

Attention WindowsForum readers! A new cyber vulnerability advisory has surfaced, targeting Schneider Electric's Modicon Controllers—an essential brand in the world of industrial automation and control systems (think smart factories, critical utilities, and more). This vulnerability is a...

Big day in industrial cybersecurity, folks. Let's dive into the critical details surrounding the latest advisory issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) about vulnerabilities uncovered in the Hitachi Energy SDM600 software. The two vulnerabilities identified...

Heads up to all the defenders of IT environments, administrators, and industrial control system (ICS) professionals: a newly uncovered vulnerability has been disclosed in Siemens' User Management Component (UMC). This vulnerability, identified as CVE-2024-49775, is one of those "you need to act...

Get ready, WindowsForum enthusiasts—it's time to dissect a serious cybersecurity issue affecting industrial systems worldwide. If you’re a tech aficionado or manage industrial control systems (ICS), this is a story you’ll want to stick around for. Delta Electronics’ DTM Soft software has...

If you thought critical infrastructure security was the stuff of action-thriller movies, think again. As the world becomes increasingly interconnected, our industrial control systems (ICS)—the backbone of energy grids, transportation networks, healthcare equipment, and water treatment plants—are...

Are you managing critical infrastructure systems or interfacing with energy sector technologies? Heads up—there’s a fresh cybersecurity advisory that might pique your interest. A newly disclosed vulnerability affecting the Hitachi Energy RTU500 series CMU devices highlights the ongoing battle...

If you’ve been keeping an eye on industrial control system (ICS) vulnerabilities, here’s a new one for your radar: Schneider Electric has reported a serious vulnerability affecting its Accutech Manager software. With a CVSS v3 score of 7.5—indicating high severity—this vulnerability isn’t...

What’s Happening in the Cloud? Hold onto your keyboards, WindowsForum readers—because 20,000 Microsoft Azure accounts in the European manufacturing sector have fallen victim to a targeted phishing campaign. That’s right, 20,000 accounts! According to researchers from Palo Alto Networks’ Unit 42...

When it comes to securing sensitive data in the cloud, Azure Key Vault has been Microsoft’s go-to service for protecting keys and secrets. But what happens when the very policies meant to secure your vault open doors for attackers? A newly discovered configuration flaw in Azure Key Vault’s...

The US Cybersecurity and Infrastructure Security Agency (CISA) has taken a significant leap in enhancing cloud security for federal agencies. Enter Binding Operational Directive (BOD) 25-01: a mandatory directive designed to lock down vulnerabilities and secure Microsoft cloud environments in a...

In a chilling demonstration of how well-coordinated phishing campaigns can wreak havoc, attackers recently targeted corporate Microsoft Azure environments by wielding malicious DocuSign PDF files. These attacks, according to Palo Alto Networks' Unit 42, aimed at infiltrating European automotive...