Security Issues, Vulnerabilities, Exploits & Government Alerts
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: IDEC Corporation Equipment: WindLDR, WindO/I-NV4 Vulnerability: Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Kastle Systems Equipment: Access Control System Vulnerabilities: Use of Hard-coded Credentials, Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Low Attack Complexity Vendor: IDEC Corporation Equipment: IDEC PLCs Vulnerabilities: Cleartext Transmission of Sensitive Information, Generation of Predictable Identifiers 2. RISK EVALUATION Successful exploitation of these…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: MegaSys Computer Technologies Equipment: Telenium Online Web Application Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could…
Cybersecurity in healthcare has never been more urgent. As the most vulnerable industry and largest target for cybercriminals, healthcare is facing an increasing wave of cyberattacks. When a hospital’s systems are held hostage by ransomware,…
Sep 19, 2024Ravie LakshmananHealthcare / Malware Microsoft has revealed that a financially motivated threat actor has been observed using a ransomware strain called INC for the first time to target the healthcare sector in the…
Sep 19, 2024Ravie LakshmananEnterprise Security / DevOps GitLab has released patches to address a critical flaw impacting Community Edition (CE) and Enterprise Edition (EE) that could result in an authentication bypass. The vulnerability is rooted…
Cybersecurity researchers have uncovered a never-before-seen botnet comprising an army of small office/home office (SOHO) and IoT devices that are likely operated by a Chinese nation-state threat actor called Flax Typhoon (aka Ethereal Panda or…
A Chinese national has been indicted in the U.S. on charges of conducting a “multi-year” spear-phishing campaign to obtain unauthorized access to computer software and source code created by the National Aeronautics and Space Administration…
WASHINGTON, D.C. – Today, the Office of the Director of National Intelligence (ODNI), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) released the following statement: “Since the 19 August…