BLOG

Vulnerability in Oracle E-Business SuiteCould Allow for Remote Code Execution

This Multi-State Information Sharing and Analysis Center (MS-ISAC) Advisory is being provided to assist agencies and organizations in guarding against the persistent malicious actions of cybercriminals. A vulnerability has been discovered in Oracle E-Business Suite, which could allow for remote code execution. Oracle E-Business Suite (EBS) is a comprehensive suite of integrated business applications that … Continue reading Vulnerability in Oracle E-Business SuiteCould Allow for Remote Code Execution
Wed, 22 Oct 2025 12:58:34 +0000

Ransomware Groups Continue to Push It to the Limit

Ransomware remains a persistent and ever-evolving threat to businesses of all sizes and sectors.  While the tactics, techniques, and procedures (TTPs) may vary, the end goal is often the same – a substantial payday. After months of silence, LockBit recently reemerged with an announcement of its “LockBit 5.0 Affiliate Program,” which grants its affiliates the ability … Continue reading Ransomware Groups Continue to Push It to the Limit
Wed, 22 Oct 2025 12:55:59 +0000

Salt Typhoon APT: A Strategic Threat Assessment

Salt Typhoon continues to target US critical infrastructure through sustained and coordinated cyber operations. The group, an advanced persistent threat (APT) linked to the People’s Republic of China (PRC), focuses much of its activity in communications, government, and defense. These intrusions enable the theft of sensitive national security information while advancing China’s efforts to expand … Continue reading Salt Typhoon APT: A Strategic Threat Assessment
Wed, 22 Oct 2025 12:55:10 +0000

NYMJCSC 2025 – October 30th

The 2025 NY Metro Joint Cyber Security Conference is in the planning stage, celebrating our 12th year featuring keynotes, panels and sessions aimed at educating everyone on the various aspects of information security and technology. Workshops featuring in-depth extended classroom-style educational courses to expand your knowledge and foster security discussions will take place virtually post-conference. We are … Continue reading NYMJCSC 2025 – October 30th
Wed, 22 Oct 2025 12:53:40 +0000

Vulnerabilities in F5 Devices

The Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive ED 26-01: Mitigate Vulnerabilities in F5 Devices to direct Federal Civilian Executive Branch agencies to inventory F5 BIG-IP products, evaluate if the networked management interfaces are accessible from the public internet, and apply newly released updates from F5. A nation-state affiliated cyber threat actor has compromised … Continue reading Vulnerabilities in F5 Devices
Wed, 22 Oct 2025 12:50:45 +0000

Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution – PATCH: NOW

Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create … Continue reading Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution – PATCH: NOW
Wed, 22 Oct 2025 12:50:01 +0000

Multiple Vulnerabilities in Ivanti Products Could Allow for Remote Code Execution – PATCH NOW

Multiple vulnerabilities have been discovered in Ivanti products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, an attacker could then install programs; view, … Continue reading Multiple Vulnerabilities in Ivanti Products Could Allow for Remote Code Execution – PATCH NOW
Wed, 22 Oct 2025 12:49:19 +0000

Critical Patches Issued for Microsoft Products, October 14, 2025 – PATCH NOW

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; … Continue reading Critical Patches Issued for Microsoft Products, October 14, 2025 – PATCH NOW
Wed, 22 Oct 2025 12:48:23 +0000

Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution – PATCH: NOW

Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install … Continue reading Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution – PATCH: NOW
Wed, 22 Oct 2025 12:47:43 +0000

Credential Theft Phishing Campaign Employs Tactics to Evade Detection

The NJCCIC identified a phishing campaign that uses tactics to make detection more difficult, leading to increased account compromises.  Users receive an initial encrypted email with an encrypted link to “Read the message,” which leads to a legitimate Microsoft 365 login page with the URL beginning with “hxxps://outlook.office365[.]com/Encryption/retrieve.ashx…” Once login credentials are submitted, the user … Continue reading Credential Theft Phishing Campaign Employs Tactics to Evade Detection
Wed, 22 Oct 2025 12:46:50 +0000

© 2000 Interactive Security Training, LLC - All Rights Reserved.