CISA warns of remote code execution vulnerability with Discourse

Open Source CISA urged developers to update Discourse versions 2.7.8 and earlier in a notice sent out on Sunday, warning that a remote code execution vulnerability was tagged as “critical.” …

Admins Urged by CISA to Patch Critical RCE Bug Found in Discourse

A critical RCE flaw discovered in the open-source Internet forum Discourse tracked as CVE-2021-41163, has been addressed in an urgent update on Friday. What Is Discourse? Discourse, which was founded in…

Groove Calls for Cyberattacks on US as REvil Payback

The bold move signals a looming clash between Russian ransomware groups and the U.S. Following the recent international law enforcement effort that dismantled the infrastructure for the REvil ransomware group,…

SolarWinds APT Targets Tech Resellers in Latest Supply-Chain Cyberattacks

The Nobelium group, linked to Russia’s spy agency, is looking to use resellers as a path to infiltrate their valuable downstream customers – and it’s working. The SolarWinds attackers –…

CISA Urges Sites to Patch Critical RCE in Discourse

The patch, urgently rushed out on Friday, is an emergency fix for the widely deployed platform, whose No. 1 most trafficked site is Amazon’s Seller Central. Discourse – the ultra-popular,…

SolarWinds hackers, Nobelium, once again strike global IT supply chains, Microsoft warns

Microsoft has warned that Nobelium, the hacking group behind the SolarWinds fiasco, has targeted at least 140 resellers and technology service providers in global IT supply chains. On October 24,…

CISA warns of trojanized versions of JavaScript library’s NPM package

The warning comes days after three rogue packages, okhsa, klow, and klown discovered by DevSecOps firm Sonatype, were removed from the NPM repository. On Friday, the US Cybersecurity and Infrastructure…

CISA awards $2 million to cybersecurity programs for rural, diverse communities

CISA has announced awards of $2 million to two organizations training underserved communities in cybersecurity.  The funding will go to NPower and CyberWarrior, two programs helping to train veterans, military…

Cisco SD-WAN Security Bug Allows Root Code Execution

The high-severity bug, tracked as CVE-2021-1529, is an OS command-injection flaw. Cisco SD-WAN implementations are vulnerable to a high-severity privilege-escalation vulnerability in the IOS IE operating system that could allow…

Republican Senate leaders slam new TSA cybersecurity regulations for rail, aviation industry

Republican leaders in the US Senate have come out harshly against new cybersecurity regulations designed to protect US railroad and airport systems.  The new rules were handed down earlier this…