433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

PACT Act makes determining veterans’ benefits payments more difficult

The IG says a lack of training is mainly to blame and recommended creating a job aid for claims processors. The post PACT Act makes determining veterans’ benefits payments more difficult first appeared on Federal News Network.
http://news.poseidon-us.com/TKBt4Z

Two EOs continue biggest overhaul of federal acquisition since 1990s

OFPP, GSA and FAR Council will lead an effort to remove any FAR provisions that aren’t required by law or absolutely necessary. The post Two EOs continue biggest overhaul of federal acquisition since 1990s first appeared on Federal News Network.
http://news.poseidon-us.com/TKBsC8

Cisco Nexus Dashboard LDAP Username Enumeration Vulnerability

A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts. This vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow an attacker to determine which usernames are valid LDAP user accounts. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-unenum-2xFFh472
Security Impact Rating: Medium
CVE: CVE-2025-20150
http://news.poseidon-us.com/TKBrSk

Cisco Webex App Client-Side Remote Code Execution Vulnerability

A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user. This vulnerability is due to insufficient input validation when Cisco Webex App processes a meeting invite link. An attacker could exploit this vulnerability by persuading a user to click a crafted meeting invite link and download arbitrary files. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the targeted user. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-client-rce-ufyMMYLC
Security Impact Rating: High
CVE: CVE-2025-20236
http://news.poseidon-us.com/TKBrRy

Cisco Secure Network Analytics Privilege Escalation Vulnerability

A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating system. This vulnerability is due to insufficient integrity checks within device backup files. An attacker with valid administrative credentials could exploit this vulnerability by crafting a malicious backup file and restoring it to an affected device. A successful exploit could allow the attacker to obtain shell access on the underlying operating system with the privileges of root. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-prvesc-4BQmK33Z
Security Impact Rating: Medium
CVE: CVE-2025-20178
http://news.poseidon-us.com/TKBrNR

Entrust Cryptographic Security Platform provides visibility into cryptographic risk posture

Entrust announced the Entrust Cryptographic Security Platform, a unified, end-to-end cryptographic security management solution for keys, secrets, and certificates. Cyberattacks on data security and identity systems are exploding in scale and sophistication. Traditional approaches to securing data and identities aren’t working, and in digital-first environments every connected device, application, and system is at risk without a secure cryptographic foundation. And the fragmented tools for managing cryptographic sprawl – including encryption keys, secrets, and certificates – … The post Entrust Cryptographic Security Platform provides visibility into cryptographic risk posture appeared first on Help Net Security.
http://news.poseidon-us.com/TKBm9m

Cozy Bear targets EU diplomats with wine-tasting invites (again)

APT29 (aka Cozy Bear, aka Midnight Blizzard) is, once again, targeting European diplomats with fake invitations to wine-tasting events, Check Point researchers have shared.

Cozy Bear uses wine-tastings and dinners as a lure

In early 2024, Zscaler flagged a low-volume phishing campaign aimed at delivering the WINELOADER backdoor to European diplomats. The lure was a PDF file containing a fake invitation letter supposedly sent by the Ambassador of India, inviting diplomats to a wine-tasting event. … The post Cozy Bear targets EU diplomats with wine-tasting invites (again) appeared first on Help Net Security.
http://news.poseidon-us.com/TKBm87

Cyware strengthens threat intelligence management

Cyware has added Compromised Credential Management to the Cyware Intel Packaged Solution, a pre-configured threat intelligence program-in-a-box that enables security teams to operationalize threat intelligence faster by eliminating complex integrations and configurations. Built on Cyware Intel Exchange and pre-bundled with Team Cymru premium threat feeds, the packaged solution provides instant, out-of-the-box capabilities, allowing security teams to skip months of setup and focus immediately on detecting and responding to advanced cyber threats. This launch adds Compromised … The post Cyware strengthens threat intelligence management appeared first on Help Net Security.
http://news.poseidon-us.com/TKBdxB

Funding uncertainty may spell the end of MITRE’s CVE program

The future of the Common Vulnerabilities and Exposures (CVE) program hangs in the balance: MITRE, the not-for-profit US organization that runs it, could lose the US federal funding that helps them maintain it. But others have been waiting in the wings and are getting ready to pick up the vulnerability tracking mantle. “On Wednesday, April 16, 2025, the current contracting pathway for MITRE to develop, operate, and modernize CVE and several other related programs, such … The post Funding uncertainty may spell the end of MITRE’s CVE program appeared first on Help Net Security.
http://news.poseidon-us.com/TKBdvv