Security Issues, Vulnerabilities, Exploits & Government Alerts
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: Factory Talk Remote Access Vulnerability: Unquoted Search Path or Element 2. RISK EVALUATION Successful exploitation of this vulnerability could…
Informs civil society organizations and individuals of cyber adversary behaviors and actions to mitigate this threat WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS) and Federal Bureau of Investigation…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Low attack complexity Vendor: Johnson Controls Equipment: Software House C●CURE 9000 Vulnerability: Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation of this…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Low attack complexity Vendor: Subnet Solutions Inc. Equipment: PowerSYSTEM Center Vulnerabilities: Reliance on Insufficiently Trustworthy Component 2. RISK EVALUATION Successful exploitation of the vulnerabilities in components…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.0 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Equipment: Multiple FA Engineering Software Products Vulnerabilities: Improper Privilege Management, Uncontrolled Resource Consumption, Out-of-bounds Write, Improper Privilege Management 2. RISK…
May 14, 2024NewsroomNetwork Monitoring / Vulnerability The maintainers of the Cacti open-source network monitoring and fault management framework have addressed a dozen security flaws, including two critical issues that could lead to the execution of…
May 14, 2024The Hacker NewsCyber Threat / Machine Learning Deploying advanced authentication measures is key to helping organizations address their weakest cybersecurity link: their human users. Having some form of 2-factor authentication in place is…
Cybersecurity researchers have uncovered an ongoing social engineering campaign that bombards enterprises with spam emails with the goal of obtaining initial access to their environments for follow-on exploitation. “The incident involves a threat actor overwhelming…
May 14, 2024NewsroomLocation Tracking / Privacy Apple and Google on Monday officially announced the rollout of a new feature that notifies users across both iOS and Android if a Bluetooth tracking device is being used…
May 13, 2024Newsroom The MITRE Corporation has officially made available a new threat-modeling framework called EMB3D for makers of embedded devices used in critical infrastructure environments. “The model provides a cultivated knowledge base of cyber…