The Breach News

Oklahoma Significantly Updates Its Data Breach Notification Law – Inside Privacy

Oklahoma Substantially Amends Its Data Breach Notification Statute

Recent legislative changes in Oklahoma reflect a significant overhaul of the state’s data breach notification statute. These amendments aim to enhance consumer protection by establishing clearer protocols for notifying individuals affected by data breaches. Under the revised law, entities that experience a…


Major Vulnerabilities in Niagara Framework Endanger Global Smart Buildings and Industrial Systems

Cybersecurity researchers have identified more than a dozen security flaws within Tridium’s Niagara Framework that could allow network attackers to compromise the system under specific conditions. “These vulnerabilities are fully exploitable if a Niagara system is misconfigured, disabling encryption on certain network devices,” stated Nozomi Networks Labs in a recent report. “When linked together, they could permit an attacker with network access—possibly through a Man-in-the-Middle (MiTM) position—to take control of the Niagara system.” Developed by Tridium, a subsidiary of Honeywell, the Niagara Framework serves as a vendor-neutral platform for managing various devices from multiple manufacturers, including HVAC, lighting, energy management, and security, making it a critical component in building management, industrial automation, and smart infrastructure.

Critical Vulnerabilities in Niagara Framework Pose Risks to Smart Buildings and Industrial Systems Globally

July 28, 2025

Recent findings by cybersecurity researchers have unveiled a series of significant vulnerabilities in Tridium’s Niagara Framework. These weaknesses could potentially enable an intruder on the same network to take control of the system…


Protecting Your Python Supply Chain: A Practical Webinar on Defending Against Malicious PyPI Packages

Join us on July 24, 2025, as supply chain attacks targeting Python escalate. Discover effective tools and strategies to safeguard your code, dependencies, and runtime.

Surge in Malicious PyPI Packages Poses Threat to Python Supply Chain Security

As of July 24, 2025, the Python ecosystem is facing an escalating wave of supply chain attacks that exploit vulnerabilities in packages available on the Python Package Index (PyPI). This alarming trend highlights the urgent need for businesses…


CISA Includes PaperCut NG/MF CSRF Vulnerability in KEV Catalog Due to Ongoing Exploits

Date: July 29, 2025
Category: Vulnerability / Software Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability affecting PaperCut NG/MF print management software to its Known Exploited Vulnerabilities (KEV) catalog, highlighting its active exploitation. The vulnerability, identified as CVE-2023-2533 (CVSS score: 8.4), is a cross-site request forgery (CSRF) flaw that could lead to remote code execution. CISA warned that this vulnerability may allow attackers to modify security settings or execute arbitrary code in certain scenarios. Widely used in schools, businesses, and government offices, PaperCut NG/MF helps manage print jobs and control network printers. Given that the admin console typically operates on internal web servers, an exploited vulnerability could provide attackers with easy access to larger systems if left unattended.

CISA Adds High-Severity PaperCut NG/MF Vulnerability to KEV Catalog Amid Rising Exploits

On July 29, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) officially included a critical vulnerability affecting the PaperCut NG/MF print management software in its Known Exploited Vulnerabilities (KEV) catalog. This addition comes in response to confirmed…


E.U. Imposes Sanctions on 3 Russian Nationals for Cyberattacks Against Estonia’s Key Government Ministries

Jan 28, 2025 – Cybersecurity / Cyber Espionage

The Council of the European Union has sanctioned three Russian nationals for their involvement in “malicious cyber activities” targeting Estonia. The individuals—Nikolay Alexandrovich Korchagin, Vitaly Shevchenko, and Yuriy Fedorovich Denisov—are identified as officers of the Russian Armed Forces’ GRU Unit 29155. According to the council’s decision, these individuals are responsible for cyberattacks aimed at compromising the computer systems of various Estonian institutions to gather intelligence on the country’s cyber security policies.

These cyber intrusions provided unauthorized access to classified and sensitive information within several government ministries, including Economic Affairs and Communications, Social Affairs, and Foreign Affairs, resulting in the theft of thousands of confidential documents, including business secrets and proprietary data.

E.U. Imposes Sanctions on Three Russian Nationals Over Cyber Attacks on Estonian Ministries

January 28, 2025 – Cybersecurity / Cyber Espionage

In a significant move against cyber threats, the Council of the European Union has sanctioned three Russian nationals for their alleged involvement in targeted cyber activities against Estonia. The individuals…


Genomics Equipment Company Settles False Cyber Claims for $9.8M

Governance & Risk Management, Government, Healthcare

US Allegations Against Illumina: Knowingly Selling Vulnerable Systems to Federal Agencies

Marianne Kolbasuk McGee (HealthInfoSec) • August 1, 2025

Illumina Inc., a prominent firm in genomics sequencing, has reached a $9.8 million settlement to resolve allegations under the False Claims Act. The…


Tea App Data Breach Highlights Risks Facing Women – The New York Times

Data Breach of Tea App Highlights Cybersecurity Risks for Women

In a significant development, the Tea app, designed primarily for women, experienced a data breach that has raised critical concerns about the security of personal information online. This incident underscores the vulnerabilities associated with applications that cater to specific demographics,…
