View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: PowerLogic PM5300 Series Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the…
As a relatively new security category, many security operators and executives I’ve met have asked us “What are these Automated Security Validation (ASV) tools?” We’ve covered that pretty extensively in the past, so today, instead…
New research has uncovered more than 145,000 internet-exposed Industrial Control Systems (ICS) across 175 countries, with the U.S. alone accounting for over one-third of the total exposures. The analysis, which comes from attack surface management…
Nov 21, 2024Ravie LakshmananCryptocurrency / Identity Theft Five alleged members of the infamous Scattered Spider cybercrime crew have been indicted in the U.S. for targeting employees of companies across the country using social engineering techniques…
Nov 21, 2024Ravie LakshmananArtificial Intelligence / Software Security Google has revealed that its AI-powered fuzzing tool, OSS-Fuzz, has been used to help identify 26 vulnerabilities in various open-source code repositories, including a medium-severity flaw in…
Threat hunters are warning about an updated version of the Python-based NodeStealer that’s now equipped to extract more information from victims’ Facebook Ads Manager accounts and harvest credit card data stored in web browsers. “They…
Under the strength of Forbes’ long-existing and well-linked site, Forbes Marketplace/Advisor has dominated the search term “best cbd gummies” for “an eternity,” according to SEO analyst Lily Ray. Forbes has similarly dominated “best pet insurance,”…
The U.S. government announced charges against five individuals accused of carrying out a multi-year hacking spree targeting tech giants and cryptocurrency owners, which security researchers dubbed 0ktapus. On Wednesday, the U.S. Department of Justice published…
Finastra, a London-based financial software company that serves most of the world’s top banks, has confirmed it’s investigating a data breach after a hacker claimed a compromise of the company’s internal file-transfer platform. In a…
Nov 20, 2024Ravie LakshmananPayment Security / Cybercrime Threat actors are increasingly banking on a new technique that leverages near-field communication (NFC) to cash out victim’s funds at scale. The technique, codenamed Ghost Tap by ThreatFabric,…