Biztonsági szemle

Cisco is recognized for its unified industrial security and networking architecture that not only helps avoid extra costs and complexity, but also offers better protection.

All companies are under the data privacy compliance gun — but healthcare companies have a target on their backs.

Following a settlement over Merck's $700 million claims over NotPetya damages, questions remain about what constitutes an act of war for cyber-insurance policies.

I remembered that I should have mentioned this in today's podcast, so here it goes as a quick post. The amazing Mark Baggett stepped away from his Python console and started a new series of YouTube videos about the origin stories of various...

Juniper Networks has released a security advisory to address a vulnerability (CVE-2024-21611) in Junos OS and Junos OS Evolved. A cyber threat actor could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and...

Cisco released a security advisory to address a vulnerability (CVE-2024-20272) in Cisco Unity Connection. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review...

A deserialization of untrusted data vulnerability exists in Schneider Electric Easergy Studio versions prior to v9.3.5 that could allow an attacker logged in with a user level account to gain higher privileges by providing a harmful serialized object

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT...

The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

By utilizing a Zip Slip vulnerability in the unpacking routine, an attacker can supply a malicious configuration file to achieve remote code execution.

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see  Siemens' ProductCERT...

The "intermediate installation" system state of the affected application allows an attacker to add their own login credentials to the device. This allows an attacker to remotely login as root and take control of the device even after the affected...