RSS feed source: US Computer Emergency Readiness Team

Summary

The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this advisory in response to ransomware actors leveraging unpatched instances of a vulnerability in SimpleHelp Remote Monitoring and Management (RMM) to compromise customers of a utility billing software provider. This incident reflects a broader pattern of ransomware actors targeting organizations through unpatched versions of SimpleHelp RMM since January 2025.

SimpleHelp versions 5.5.7 and earlier contain several vulnerabilities, including CVE-2024-57727—a path traversal vulnerability.[1] Ransomware actors likely leveraged CVE-2024-57727 to access downstream customers’ unpatched SimpleHelp RMM for disruption of services in double extortion compromises.[1]

CISA added CVE-2024-57727 to its Known Exploited Vulnerabilities (KEV) Catalog on Feb. 13, 2025.

CISA urges software vendors, downstream customers, and end users to immediately implement the Mitigations listed in this advisory based on confirmed compromise or risk of compromise.

Download the PDF version of this report:

AA25-163A Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider (PDF, 420.49 KB)

Mitigations

CISA recommends organizations implement the mitigations below to respond to emerging ransomware activity exploiting SimpleHelp software. These mitigations align with the Cross-Sector Cybersecurity Performance Goals (CPGs) developed by CISA and the National Institute of Standards and Technology (NIST). The CPGs provide a minimum set of practices and protections that CISA and NIST recommend all organizations implement. CISA and

The Department of Engineering Science, in collaboration with the Department of Experimental Psychology, intends to appoint an Associate Professor in Biomedical Engineering (Technology for Mental Health and Cognition) with effect from 1st October 2025, or as soon as possible thereafter.  This is one of four new academic appointments underpinning the recently established £25m Podium Analytics Institute in Sports Medicine and Technology. The successful candidate will be based at the Institute of Biomedical Engineering (OX3 7DQ) and will be offered a (non-tutorial) Fellowship at St Catherine’s College under arrangements described in the Job Description. The appointee will benefit from working with researchers in experimental psychology whose expertise is in adolescent mental health, and there is potential for joint working with the Department of Experimental Psychology. The salary will be on a scale currently from £55,755 p.a. to £74,867 p.a. plus additional benefits as indicated in
