Security Issues, Vulnerabilities, Exploits & Government Alerts
Jul 09, 2024NewsroomVulnerability / Network Security Cybersecurity researchers have discovered a security vulnerability in the RADIUS network authentication protocol called BlastRADIUS that could be exploited by an attacker to stage Mallory-in-the-middle (MitM) attacks and bypass…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Johnson Controls, Inc. Equipment: Software House C●CURE 9000 Vulnerability: Use of Weak Credentials 2. RISK EVALUATION Successful exploitations of this vulnerability…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-G2 Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Write, Out-of-bounds Read, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Exploitable remotely Vendor: Johnson Controls, Inc. Equipment: Illustra Pro Gen 4 Vulnerability: Dependency on Vulnerable Third-Party Component 2. RISK EVALUATION Successful exploitation of this vulnerability could…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Equipment: MI5122-VW Vulnerability: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to tamper…
Jul 09, 2024NewsroomCI/CD Security / Server Security Cybersecurity researchers have found that it’s possible for attackers to weaponize improperly configured Jenkins Script Console instances to further criminal activities such as cryptocurrency mining. “Misconfigurations such as…
Discover how cybercriminals behave in Dark Web forums- what services they buy and sell, what motivates them, and even how they scam each other. Clear Web vs. Deep Web vs. Dark Web Threat intelligence professionals…
Jul 09, 2024Newsroom Military personnel from Middle East countries are the target of an ongoing surveillanceware operation that delivers an Android data-gathering tool called GuardZoo. The campaign, believed to have commenced as early as October…
Jul 09, 2024NewsroomCyber Espionage / Threat Intelligence Cybersecurity agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, the U.K., and the U.S. have released a joint advisory about a China-linked cyber espionage group called…
Jul 09, 2024NewsroomSupply Chain Attack / Web Security Unknown threat actors have been found propagating trojanized versions of jQuery on npm, GitHub, and jsDelivr in what appears to be an instance of a “complex and…