Adobe recently issued a patch for a high-severity vulnerability for ColdFusion versions 2023.11 and 2021.17 and earlier; according to the National Institute of Standards and Technology  (NIST), “an attacker could exploit this vulnerability to access files or directories that are outside of the restricted directory set by the application. This could lead to the disclosure

According to Cyberscoop, the cyber gang Cl0p “has claimed responsibility for attacks tied to vulnerabilities in software made by Cleo, an Illinois-based IT company that sells various types of enterprise software.” The gang claimed responsibility for the attacks on its website. The vulnerabilities affect Cleo’s products LexiCom, VLTrader, and Harmony. Cleo reportedly services approximately

According to statements by the Cybersecurity and Infrastructure Security Agency (CISA), the People’s Republic of China-backed (PRC) hacking group Salt Typhoon, which attacked telecommunications providers last month, is still infiltrating the providers and it is “impossible for us to predict a time frame on when we’ll have full eviction.” One reason is that the hackers

On December 4, 2024, four of the five members of the Five Eyes intelligence-sharing group (the United States, Australia, Canada, and New Zealand) law enforcement and cyber security agencies (Agencies) published a joint guide for network engineers, defenders of communications infrastructure and organizations with on-premises enterprise equipment (the Guide). The Agencies strongly encourage applying the

The Town of Enfield, New Hampshire, appears to have been the victim of a man-in-the-middle scheme involving the transfer of $742,000 to a fraudulent bank account. The town is constructing a new $7.2 million public safety building. An employee was tricked into sending the payment to a fraudulent bank account instead of the construction company

The U.S.-China Economic and Security Review Commission, released its annual report to Congress this month.  The 793-page report responds to the Commission’s mandate to “monitor, investigate, and report to Congress on the national security implications of the bilateral trade and economic relationship between the United States and the People’s Republic of China.” The report is

On November 12, 2024, the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the National Security Agency, along with its security partners in Australia, Canada, New Zealand, and the United Kingdom, issued the cybersecurity advisory “2023 Top Routinely Exploited Vulnerabilities,” outlining top vulnerabilities impacting companies across the free world.

The