Security Issues, Vulnerabilities, Exploits & Government Alerts
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: SuiteLink Server Vulnerability: Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability could…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: CompactLogix 5380, ControlLogix 5580, GuardLogix 5580, Compact GuardLogix 5380, CompactLogix 5480 Vulnerability: Improper Input Validation 2. RISK EVALUATION…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Pavilion8 Vulnerability: Missing Encryption of Sensitive Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an…
Aug 13, 2024The Hacker NewsCyber Defense / Compliance Traditionally, the focus has been on defending against digital threats such as malware, ransomware, and phishing attacks by detecting them and responding. However, as cyber threats become…
The U.S. Federal Bureau of Investigation (FBI) on Monday announced the disruption of online infrastructure associated with a nascent ransomware group called Dispossessor (aka Radar). The effort saw the dismantling of three U.S. servers, three…
Aug 13, 2024Ravie LakshmananThreat Intelligence / Malware The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign that masquerades as the Security Service of Ukraine to distribute malware capable of…
In 2023, no fewer than 94 percent of businesses were impacted by phishing attacks, a 40 percent increase compared to the previous year, according to research from Egress. What’s behind the surge in phishing? One…
Aug 12, 2024Ravie LakshmananCritical Infrastructure / Vulnerability Cybersecurity researchers have identified a number of security shortcomings in photovoltaic system management platforms operated by Chinese companies Solarman and Deye that could enable malicious actors to cause…
After a good year of sustained exuberance, the hangover is finally here. It’s a gentle one (for now), as the market corrects the share price of the major players (like Nvidia, Microsoft, and Google), while…
Aug 12, 2024Ravie LakshmananCybersecurity / Network Security The maintainers of the FreeBSD Project have released security updates to address a high-severity flaw in OpenSSH that attackers could potentially exploit to execute arbitrary code remotely with…