Security Week

CISA Warns of Unitronics PLC Exploitation Following Water Utility Hack

In the case of the Municipal Water Authority of Aliquippa, CISA noted that the attackers likely accessed the ICS device “by exploiting cybersecurity weaknesses, including poor password security and exposure to the internet”.

Critical Vulnerability Found in Ray AI Framework

CVE-2023-48023 is rooted in the fact that, in its default configuration, Ray does not enforce authentication, and does not appear to support any type of authorization model.

Windows Hello Fingerprint Authentication Bypassed on Popular Laptops

Researchers from Blackwing Intelligence and Microsoft's MORSE have discovered a way to bypass fingerprint authentication on three popular laptops with Windows Hello, namely the Dell Inspiron 15, Lenovo ThinkPad T14s, and Microsoft Surface Pro X.

CISA Releases Cybersecurity Guidance for Healthcare, Public Health Organizations

The guide incorporates vulnerability data, known exploited vulnerabilities, and the MITRE ATT&CK framework. It covers topics such as asset management, identity management, device security, vulnerabilities, patching, and secure design principles.

Morgan Stanley Fined $6.5 Million for Exposing Customer Information

The company failed to properly erase personal data stored on decommissioned devices and did not monitor the actions of a third-party moving company, leading to the unauthorized sale of computer equipment containing sensitive information.

Johnson Controls Patches Critical Vulnerability in Industrial Refrigeration Products

Johnson Controls has released patches for a critical vulnerability found in some of its industrial refrigeration products. The flaw, known as CVE-2023-4804, could allow unauthorized access to debug features.

US Announces $70 Million Cybersecurity Boost for Rural, Municipal Utilities

The funding opportunity includes investments in technologies, tools, training, and processes to strengthen cybersecurity, as well as increasing access to technical assistance and training for organizations with limited resources.

US Teen Pleads Guilty to Credential Stuffing Attack on Fantasy Sports Website

Along with others, Joseph Garrison stole approximately $600,000 from 1,600 victim accounts by adding a new payment method, depositing $5 into each account, and then withdrawing the funds.

Report: Bad Bots Account for 73% of Internet Traffic

The prevalence of bad bots is increasing due to the availability of artificial intelligence and the professionalization of the criminal underworld through crime-as-a-service offerings.

Administrator of Darkode Hacking Forum Sentenced to Prison

Thomas Kennedy McCormick, also known as 'Fubar', has been sentenced to 18 years in prison for his involvement in running the cybercrime forum Darkode. He was one of the last administrators of Darkode before it was shut down by authorities in 2015.
