Updated: 2024-11-22 17:15:31 Pacfic
US Charges Iranian Man in Plot to Kill Donald Trump - 6d
The United States Justice Department has filed charges against an Iranian man for allegedly plotting to assassinate former President Donald Trump. The charges stem from an alleged plot that involved the use of firearms and other means to target Trump. The accused individual is currently located in Iran, and the Justice Department is seeking his extradition to the United States. The alleged plot highlights the ongoing tensions between the United States and Iran. It also raises questions about the feasibility of bringing charges against individuals located in a country with which the United States has limited cooperation. The Justice Department is working to dismantle the alleged plot and prevent future attacks against Trump or other individuals.
CISA Opens Election War Room to Combat Cyber Threats - 22d
The Cybersecurity and Infrastructure Security Agency (CISA) has opened an Election War Room to address escalating cyber threats targeting the upcoming US elections. This proactive measure aims to protect the integrity of the electoral process and safeguard against foreign interference and malicious activities. The Election War Room will serve as a central hub for coordinating cybersecurity efforts, monitoring potential threats, and responding to incidents. CISA will work closely with state and local election officials, as well as private sector partners, to share intelligence, provide technical assistance, and mitigate risks.
CISA Issues Urgent Advisories for Cisco ASA/FTD and RoundCube Webmail Vulnerabilities - 26d
The Cybersecurity and Infrastructure Security Agency (CISA) has issued urgent advisories about two critical vulnerabilities: CVE-2024-20481, a denial-of-service (DoS) vulnerability affecting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD), and CVE-2024-37383, a cross-site scripting (XSS) vulnerability in RoundCube Webmail. CVE-2024-20481 allows unauthenticated attackers to crash Cisco ASA/FTD devices with a crafted HTTP request, impacting network availability and security posture. CVE-2024-37383 allows attackers to inject malicious scripts into web pages viewed by RoundCube users, leading to potential data theft or other malicious activities. CISA urges organizations to promptly apply patches for both vulnerabilities and implement mitigation strategies such as input validation, user education, and WAFs to reduce the risk of exploitation.
Critical Java Deserialization Vulnerability in SolarWinds Web Help Desk - 3d
A critical Remote Code Execution (RCE) vulnerability, tracked as CVE-2024-28988, affects SolarWinds Web Help Desk (WHD), a widely used IT service management software. This vulnerability stems from a Java deserialization flaw, potentially enabling a remote, unauthenticated attacker to execute arbitrary code on vulnerable WHD instances. The flaw could allow an attacker to gain full control of the affected system, potentially leading to data theft, system compromise, and other malicious activities. SolarWinds has released a hotfix to address this vulnerability, and organizations using WHD are strongly advised to apply the patch immediately to mitigate the risk.