The Hacker News
Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days
Microsoft has patched 61 new security flaws, including two zero-days actively exploited in the wild.
The Hacker News
Microsoft's March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws
Microsoft releases Patch Tuesday updates to patch 61 new vulnerabilities, including privilege escalation flaws in Azure, Windows, & Authenticator.
The Hacker News
Microsoft's Final 2023 Patch Tuesday: 33 Flaws Fixed, Including 4 Critical
Microsoft's final Patch Tuesday of 2023 is here, addressing 33 software flaws. This release includes 4 Critical and 29 Important fixes.
The Hacker News
Alert: Microsoft Releases Patch Updates for 5 New Zero-Day Vulnerabilities
Microsoft has released fixes to address 63 security bugs in its software for the month of November 2023.
The Hacker News
Microsoft Releases October 2023 Patches for 103 Flaws, Including 2 Active Exploits
Microsoft's October 2023 Patch Tuesday: 103 new vulnerabilities addressed, including 2 zero-days and 13 critical ones.
SecurityWeek
Number of Internet-Exposed ICS Drops Below 100,000: Report
The number of internet-exposed ICS has dropped below 100,000, a significant decrease from the 140,000 in 2019.
Security Affairs
Security Affairs newsletter Round 433 by Pierluigi Paganini – International edition
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Over 3,000 Android Malware spotted using unsupported/unknown compression methods to avoid detection WinRAR flaw enables remote […]
Latest Hacking News
Multiple Codesys PLC Vulnerabilities Could Risk Numerous Power Plants
Microsoft researchers discovered numerous vulnerabilities affecting Codesys PLC that risked power plants' security with various attacks, such as shutdowns. Codesys released the patches for the flaws following the vulnerability disclosure. Microsoft Reports Severe Codesys PLC Vulnerabilities According
Infosecurity News
Microsoft: Critical CODESYS Flaws Could Shut Down Power Plants
The vulnerabilities put critical infrastructure organizations at risk of attacks such as remote code execution (RCE) and denial of service (DoS)
The Record
Microsoft reveals severe vulnerabilities in CODESYS industrial software
Sixteen new vulnerabilities have been uncovered by Microsoft researchers affecting tools used widely in industrial operations around the world.
Security Affairs
Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS
16 vulnerabilities in Codesys products could result in remote code execution and DoS attacks exposing OT environments to hacking. Microsoft Threat Intelligence researchers discovered 16 high-severity vulnerabilities, collectively tracked as CoDe16, in the CODESYS V3 software development kit (SDK). An attacker can trigger the flaw to gain remote code execution and conduct denial-of-service attacks under specific conditions, […]
.webp)
Cyber Security News
Threat and Vulnerability Roundup for the week of August 6th to 12th
Join us at Cyber Writes for our weekly Threat and Vulnerability Roundup, where we provide the latest updates on cybersecurity news. Keep yourself informed and stay ahead of potential threats with our comprehensive coverage.
Ars Technica
Microsoft finds vulnerabilities it says could be used to shut down power plants
Exploitation is hard and patches are already out, but the potential risk is great.
Bleeping Computer
Industrial PLCs worldwide impacted by CODESYS V3 RCE flaws
Millions of PLC (programmable logic controllers) used in industrial environments worldwide are at risk to 15 vulnerabilities in the CODESYS V3 software development kit, allowing remote code execution (RCE) and denial of service (DoS) attacks.
SecurityWeek
Microsoft Discloses Codesys Flaws Allowing Shutdown of Industrial Operations, Spying
Codesys vulnerabilities discovered by Microsoft researchers can be exploited to shut down industrial processes or deploy backdoors
The Hacker News
15 New CODESYS SDK Flaws Expose OT Environments to Remote Attacks
A series of 15 high-severity vulnerabilities dubbed CoDe16 have been uncovered in CODESYS V3 SDK, posing remote code execution & DoS risks.
The Hacker News
Microsoft Releases Patches for 74 New Vulnerabilities in August Update
Microsoft's Patch Tuesday for August 2023 addresses 74 vulnerabilities in its software, including 6 Critical and 67 Important security flaws.
Cyber Security News
ICS/OTICS Patch Tuesday: Siemens and Schneider Electric Releases Patch for 50 vulnerabilities
Siemens and Schneider Electric published nine new security warnings that together addressed 50 vulnerabilities impacting its industrial devices.
The Hacker News
Microsoft Releases Patches for 130 Vulnerabilities, Including 6 Under Active Attack
Heads up, everyone! Microsoft has released updates to fix 130 security flaws, including 6 zero-day vulnerabilities being actively exploited.
SecurityWeek
ICS Patch Tuesday: Siemens, Schneider Electric Fix 50 Vulnerabilities
ICS Patch Tuesday: Siemens and Schneider Electric release nine new security advisories and fix 50 vulnerabilities in their products.
The Hacker News
Urgent: Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit
Microsoft has just released security updates for a whopping 97 software flaws, including one that's being actively exploited by ransomware attacks.
The Hacker News
Microsoft Rolls Out Patches for 80 New Security Flaws — Two Under Active Attack
Microsoft's latest Patch Tuesday update for March 2023 is here with fixes for 80 security flaws, including two actively exploited vulnerabilities.
The Hacker News
Update Now: Microsoft Releases Patches for 3 Actively Exploited Windows Vulnerabilities
Attention all Windows users: Microsoft has released 75 new software security updates, including fixes for 3 actively exploited vulnerabilities.
CSO
Attacks on industrial infrastructure on the rise, defenses struggle to keep up
A Dragos report shows threat actors new and old have the potential to cause major disruptions of critical infrastructure.
The Hacker News
December 2022 Patch Tuesday: Get Latest Security Updates from Microsoft and More
Stay protected against new vulnerabilities and zero-day attacks by ensuring your devices are up to date with the latest Patch Tuesday security updates
SecurityWeek
OT:Icefall Continues With Vulnerabilities in Festo, Codesys Products
Forescout warns of three newly identified vulnerabilities in OT products from Festo and Codesys.
Infosecurity News
New
Millions of OT devices may be affected
The Hacker News
3 New Vulnerabilities Affect OT Products from German Festo and CODESYS Companies
Researchers have uncovered details of three new security vulnerabilities affecting operational technology (OT) products from CODESYS and Festo.
The Record
Vulnerabilities found affecting OT products from German companies Festo and CODESYS
Three vulnerabilities have been disclosed affecting operational technology products from two German factory automation companies.
The Hacker News
Install Latest Windows Update ASAP! Patches Issued for 6 Actively Exploited Zero-Days
Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio.
Ars Technica
Hackers are targeting industrial systems with malware
An entire ecosystem of sketchy software is targeting potentially critical infrastructure.
Security Affairs
Two critical flaws affect CODESYS ICS Automation Software
CODESYS addressed 11 security flaws in the ICS Automation Software that could lead to information disclosure and trigger a denial-of-service (DoS) condition. CODESYS has released security patches to fix eleven 11 vulnerabilities in its ICS Automation Software. CoDeSys is a development environment for programming controller applications according to the international industrial standard IEC 61131-3. The […]
Infosecurity News
Chinese Researchers Find Critical Security Flaws in CoDeSys Automation Software
Vulnerabilities could allow attackers to gain unauthorized access to company resources or carry out denial-of-service attacks
DarkReading
New Malware Tools Pose 'Clear and Present Threat' to ICS Environments
The recent discovery of highly customized malware targeting programmable logic controllers has renewed concerns about the vulnerability of critical infrastructure.
Ars Technica
US uncovers “Swiss Army knife” for hacking industrial control systems
"Pipedream" an extremely versatile malware toolkit for targeting power grids, refineries.
CSO
Rare and dangerous Incontroller malware targets ICS operations
A coalition of U.S. government agencies, security researchers, and companies warn about this new malware that can gain complete access to ICS and SCADA systems.