Threat: it can be anything that can compromise the confidentiality, availability, and integrity of one or more cyber-assets. In this context, threats can be natural, technological or entities. A few real examples below.
Vulnerability: it can be one or more weaknesses which can be used by a threat to compromise one or mode cyber-assets. In this context, vulnerabilities can be procedural, technological, or physical. A few real examples below.
CISA Warns of Flaws in Siemens, GE Digital, and Contec Industrial Control Systems
Eduardo Kando
February 10, 2023
0
CISA has issued a warning about critical vulnerabilities in Siemens, GE Digital, and Contec industrial control systems. These flaws could allow attackers to gain access to and manipulate the systems.
Researchers Discover New PlugX Malware Variant Spreading via Removable USB Devices
Eduardo Kando
January 28, 2023
0
"This PlugX variant is wormable and infects USB devices in such a way that it conceals itself from the Windows operating file system," Palo Alto Networks Unit 42 researchers Mike Harbison and Jen Mill...
CISA Alert: Veeam Backup and Replication Vulnerabilities Being Exploited in Attacks
Eduardo Kando
January 15, 2023
0
CISA has issued an alert warning of active exploitation of vulnerabilities in Veeam Backup and Replication. Organizations should take steps to protect their systems from potential attacks.
New attacks use Windows security bypass zero-day to drop malware
Eduardo Kando
November 20, 2022
0
New phishing attacks use a Windows zero-day vulnerability to drop the Qbot malware without displaying Mark of the Web security warnings.
Rationalization: Stop spending valuable resources wrongly
Maximillian G. Kon
November 13, 2022
0
We see very often how companies (through their security staff) go shopping and rush to spend, often pushed by the pressure of the business, the inertia of the market, lack of knowledge, skill and oppo...
Hacker-made Linux Cobalt Strike beacon used in ongoing attacks
Eduardo Kando
September 12, 2021
0
Cobalt Strike is a commercial penetration testing tool, which gives security testers access to a large variety of attack capabilities. Cobalt Strike can be used to conduct spear-phishing and gain unau...
Malware Hidden In GPU Memory, Invisible to Antivirus Applications, Could Potentially Harm PCs
Eduardo Kando
September 1, 2021
0
Criminals in cyberspace have created a malware program that can be hidden in GPU memory and make it invisible to antivirus applications. Hackers Could Store Malware Within Your GPU Memory, Undetectabl...
Serious Security: Linux Kernel Bugs That Emerged After 15 Years
Eduardo Kando
March 18, 2021
0
Researchers from cybersecurity company GRIMM recently published an interesting trio of bugs they found in the Linux kernel… … In a code that had been there without attracting attention for...
The U.S. food supply is not cyber-secure or safe from threats to control systems
Eduardo Kando
March 15, 2021
0
The U.S. Food and Drug Administration (FDA) issued the final rule on the Food Safety Modernization Act (FSMA) in November 2015 and, according to the FDA's website, is still in effect as of 10/21/2020....
Snake Ransomware Delivers Double-Strike on Honda, Energy Co.
Eduardo Kando
June 20, 2020
0
The ICS/SCADA-focused malware is likely behind a duo of attacks this week, on Honda and a South American energy company, researchers said.
Load More