Vulnerability Summary for the Week of January 6, 2025

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 5centsCDN–5centsCDN  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in 5centsCDN 5centsCDN allows Reflected XSS.This issue affects 5centsCDN: from n/a through 24.8.16. 2025-01-07 7.1 CVE-2025-22326 a3rev–Compare…

Carving

Recovering deleted data, or “carving”, is an interesting digital forensics topic; I say “interesting” because there are a number of different approaches and techniques that may be valuable, depending upon your goals.  For example, I’ve used X-Ways to recover deleted…

What is Breach Readiness?

While many organizations devote countless resources to stopping attacks at the perimeter, today’s threat landscape calls for a different mindset. The concept of breach readiness begins with acknowledging the likelihood of an incident, then building robust methods to contain and…

CISA and US and International Partners Publish Guidance on Priority Considerations in Product Selection for OT Owners and Operators

Today, CISA—along with U.S. and international partners—released joint guidance Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products. As part of CISA’s Secure by Demand series, this guidance focuses on helping customers identify manufacturers dedicated…