Security Issues, Vulnerabilities, Exploits & Government Alerts
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Low attack complexity Vendor: Crestron Equipment: AM-300 Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate their…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Westermo Equipment: Lynx 206-F2G Vulnerabilities: Cross-site Scripting, Code Injection, Cross-Origin Resource Sharing, Cleartext Transmission of Sensitive Information, Cross-Site Request Forgery 2.…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable via adjacent network / low attack complexity Vendor: APsystems Equipment: Energy communication Unit (ECU-C) Power Control Software Vulnerability: Improper Access Control 2. RISK EVALUATION Successful…
?Jan 23, 2024?The Hacker NewsCybersecurity / Server Security As we enter 2024, Gcore has released its latest Gcore Radar report, a twice-annual publication in which the company releases internal analytics to track DDoS attacks. Gcore’s…
?Jan 23, 2024?NewsroomCyber Crime / Dark Web Conor Brian Fitzpatrick has been sentenced to time served and 20 years of supervised release for his role as the creator and administrator of BreachForums. Fitzpatrick, who went…
?Jan 23, 2024?NewsroomVulnerability / Cyber Attack Malicious actors have begun to actively exploit a recently disclosed critical security flaw impacting Atlassian Confluence Data Center and Confluence Server, within three days of public disclosure. Tracked as…
?Jan 23, 2024?NewsroomVulnerability / Device Security Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day flaw that has come under active exploitation in the wild.…
?Jan 22, 2024?NewsroomCyber Attack / Hacking Media organizations and high-profile experts in North Korean affairs have been at the receiving end of a new campaign orchestrated by a threat actor known as ScarCruft in December…
Several public and popular libraries abandoned but still used in Java and Android applications have been found susceptible to a new software supply chain attack method called MavenGate. “Access to projects can be hijacked through…
?Jan 22, 2024?NewsroomBrowser Security / Cyber Threat Cybersecurity researchers have discovered a new Java-based “sophisticated” information stealer that uses a Discord bot to exfiltrate sensitive data from compromised hosts. The malware, named NS-STEALER, is propagated…