Biztonsági szemle

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Voltronic Power Equipment: ViewPower Pro Vulnerabilities: Deserialization of Untrusted Data, Missing Authentication for Critical Function...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Orthanc Equipment: Osimis Web Viewer Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable via adjacent network / low attack complexity Vendor: APsystems Equipment: Energy communication Unit (ECU-C) Power Control Software Vulnerability: Improper Access Control 2. RISK...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Westermo Equipment: Lynx 206-F2G Vulnerabilities: Cross-site Scripting, Code Injection, Cross-Origin Resource Sharing, Cleartext Transmission of...

CISA released six Industrial Control Systems (ICS) advisories on January 23, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-023-01 APsystems Energy Communication...

CISA has collaborated with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) on Engaging with Artificial Intelligence—joint guidance, led by ACSC, on how to use AI systems securely. The following organizations also...

People want to get rich, and people want to fall in love — and these are the two motivations behind the growing number of so-called "pig butchering" fraud scams occurring online.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

While authorizations of cloud services under the Federal Risk and Authorization Management Program have risen by almost 60% from July 2019 to April 2023, numerous agencies continued to leverage services that were not approved under FedRAMP despite...

TechCrunch reports that Texas-based data broker InMarket has been banned by the Federal Trade Commission from engaging in the sale of precise consumer location data days after the same prohibition was imposed upon fellow data broker Outlogic...

U.S. payments processing firm Payoneer has disclosed that some of its customer accounts were compromised as a result of a phishing campaign following reports from several users noting account breaches, password replacements, and fund exfiltration...

Numerous companies, universities, colleges, government agencies, and municipalities across Sweden have been impacted by outages after Finnish IT services and enterprise cloud hosting firm Tietoevry had one of its Sweden-based data centers compromised...