View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Hitachi Energy Equipment: RTU500 series CMU Vulnerability: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) 2. RISK EVALUATION Successful exploitation of…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable from adjacent network Vendor: Hitachi Energy Equipment: SDM600 Vulnerabilities: Origin Validation Error, Incorrect Authorization 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an…
The musician Stephin Merritt once joked that he would be happy to sell only a single copy of each album he makes, provided that single copy costs $100,000. Which coincidentally is pretty close to Apple’s…
Dec 19, 2024Ravie LakshmananVulnerability / Network Security Fortinet has issued an advisory for a now-patched critical security flaw impacting Wireless LAN Manager (FortiWLM) that could lead to disclosure of sensitive information. The vulnerability, tracked as…
Dec 19, 2024Ravie LakshmananCloud Security / Encryption The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01, ordering federal civilian agencies to secure their cloud environments and abide by Secure…
Dec 19, 2024Ravie LakshmananPrivacy / Data Protection The Dutch Data Protection Authority (DPA) on Wednesday fined video on-demand streaming service Netflix €4.75 million ($4.93 million) for not giving consumers enough information about how it used…
Dec 19, 2024Ravie LakshmananDisinformation / Malware The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed that a threat actor it tracks as UAC-0125 is leveraging Cloudflare Workers service to trick military personnel in the…
With 2024 closing, it’s time to look forward to 2025. What could we see from Apple in the new year? That’s coming up in this episode of the Macworld Podcast! This is episode 914 with…
GPS tracking firm Hapn is exposing the names of thousands of its customers due to a website bug, TechCrunch has learned. A security researcher alerted TechCrunch in late November to customer names and affiliations —…
Arm and Qualcomm’s dispute over Qualcomm’s Snapdragon X Elite chips is continuing in court this week, with executives from each company taking the stand and attempting to downplay the accusations from the other side. If…