If you thought phishing was stuck sending shady attachments through email, think again. Today’s cybercriminals are crafting smarter, more insidious attacks, like the recent HubPhish campaign. This targeted operation leveraged none other than HubSpot, a widely trusted marketing and sales...
Attention all WindowsForum.com members! A new cybersecurity alert has been issued regarding a critical vulnerability in the Tibbo AggreGate Network Manager—a product widely used in communications and critical manufacturing industries. If you manage industrial control systems (ICS) or are...
Attention, folks in the healthcare sector and tech enthusiasts! Ossur's Mobile Logic Application, a tool critical within the public health sector, has been flagged for multiple vulnerabilities that put sensitive systems at risk of exploitation. This advisory, issued by CISA, shines a spotlight...
Attention WindowsForum readers! A new cyber vulnerability advisory has surfaced, targeting Schneider Electric's Modicon Controllers—an essential brand in the world of industrial automation and control systems (think smart factories, critical utilities, and more). This vulnerability is a...
Big day in industrial cybersecurity, folks. Let's dive into the critical details surrounding the latest advisory issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) about vulnerabilities uncovered in the Hitachi Energy SDM600 software. The two vulnerabilities identified...
Heads up to all the defenders of IT environments, administrators, and industrial control system (ICS) professionals: a newly uncovered vulnerability has been disclosed in Siemens' User Management Component (UMC). This vulnerability, identified as CVE-2024-49775, is one of those "you need to act...
Get ready, WindowsForum enthusiasts—it's time to dissect a serious cybersecurity issue affecting industrial systems worldwide. If you’re a tech aficionado or manage industrial control systems (ICS), this is a story you’ll want to stick around for. Delta Electronics’ DTM Soft software has...
If you thought critical infrastructure security was the stuff of action-thriller movies, think again. As the world becomes increasingly interconnected, our industrial control systems (ICS)—the backbone of energy grids, transportation networks, healthcare equipment, and water treatment plants—are...
Are you managing critical infrastructure systems or interfacing with energy sector technologies? Heads up—there’s a fresh cybersecurity advisory that might pique your interest. A newly disclosed vulnerability affecting the Hitachi Energy RTU500 series CMU devices highlights the ongoing battle...
If you’ve been keeping an eye on industrial control system (ICS) vulnerabilities, here’s a new one for your radar: Schneider Electric has reported a serious vulnerability affecting its Accutech Manager software. With a CVSS v3 score of 7.5—indicating high severity—this vulnerability isn’t...
What’s Happening in the Cloud?
Hold onto your keyboards, WindowsForum readers—because 20,000 Microsoft Azure accounts in the European manufacturing sector have fallen victim to a targeted phishing campaign. That’s right, 20,000 accounts! According to researchers from Palo Alto Networks’ Unit 42...
When it comes to securing sensitive data in the cloud, Azure Key Vault has been Microsoft’s go-to service for protecting keys and secrets. But what happens when the very policies meant to secure your vault open doors for attackers? A newly discovered configuration flaw in Azure Key Vault’s...
The US Cybersecurity and Infrastructure Security Agency (CISA) has taken a significant leap in enhancing cloud security for federal agencies. Enter Binding Operational Directive (BOD) 25-01: a mandatory directive designed to lock down vulnerabilities and secure Microsoft cloud environments in a...
In a chilling demonstration of how well-coordinated phishing campaigns can wreak havoc, attackers recently targeted corporate Microsoft Azure environments by wielding malicious DocuSign PDF files. These attacks, according to Palo Alto Networks' Unit 42, aimed at infiltrating European automotive...
Welcome to another cyber war zone update, where phishing tactics are cranking up the sophistication scale. This time, we’re diving into the lurking shadows of a major phishing campaign that weaponizes HubSpot’s Free Form Builder to target Microsoft Azure credentials, wreaking havoc across...
Heads up, Windows users — the Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm on two newly-added vulnerabilities that deserve everyone’s immediate attention. These vulnerabilities target two major software platforms: Adobe ColdFusion and Windows Kernel-Mode Driver...
In a laudable achievement for the cybersecurity realm, Torvald Johnson of Performanta was recently distinguished as a Microsoft Most Valuable Professional (MVP) in Security Copilot. If this news doesn’t make your metaphorical firewalls burst with pride, let’s break it down. This accolade not...
It’s a classic phishing tale, but this time, the stakes are raised higher than ever. Cybercriminals are trawling the depths of email inboxes with sophisticated phishing campaigns, targeting one of the most foundational tools for modern businesses—Microsoft Azure. What’s worse? They’re luring...
Picture this: over 600 million ransomware, phishing, and identity attacks hitting the internet every single day. That’s the alarming reality Microsoft encounters firsthand through its vast telemetry network. For businesses shrugging their shoulders at the onslaught of cyber threats, it might be...
In a noteworthy revelation, security researchers recently unveiled critical vulnerabilities within Microsoft's Azure Data Factory—a service often celebrated for its ability to seamlessly orchestrate data pipelines. Coupled with Apache Airflow, a popular open-source workflow scheduler, these...