Biztonsági szemle

Investigation into Vanir ransomware's members since June has resulted in the identification of the server of a site within the group's TOR network last month and the subsequent blocking of the web page, disclosed officials in the city of Karlsruhe...

Vanilla Tempest leveraged initial network access secured from Storm-0494's Gootloader malware attacks to distribute Supper malware and AnyDesk remote monitoring and MEGA data synchronization tools before proceeding with lateral movement and the...

After establishing trust with targets via spear-phishing emails purporting to be job openings for senior-/manager-level employees in high-profile companies, UNC2970 proceeded to deliver a malicious ZIP file masquerading as a job description, an...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: IDEC Corporation Equipment: WindLDR, WindO/I-NV4 Vulnerability: Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of this...

CISA released six Industrial Control Systems (ICS) advisories on September 19, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-263-01 Rockwell Automation RSLogix...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION: Exploitable locally/high attack complexity Vendor: Rockwell Automation Equipment: RSLogix 5 and RSLogix 500 Vulnerability: Insufficient verification of data authenticity 2. RISK EVALUATION...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: MegaSys Computer Technologies Equipment: Telenium Online Web Application Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Low Attack Complexity Vendor: IDEC Corporation Equipment: IDEC PLCs Vulnerabilities: Cleartext Transmission of Sensitive Information, Generation of Predictable Identifiers 2. RISK EVALUATION...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Kastle Systems Equipment: Access Control System Vulnerabilities: Use of Hard-coded Credentials, Cleartext Storage of Sensitive Information 2...

VMware released a security advisory addressing vulnerabilities in the VMware Cloud Foundation and the vCenter Server. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and...

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-8963 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability These types of vulnerabilities are...

Ivanti has released a security update to address an admin bypass vulnerability ( CVE-2024-8963) affecting Ivanti Cloud Services Appliance (CSA) version 4.6. A cyber threat actor could exploit this vulnerability in conjunction with CVE-2024-8190...