Biztonsági szemle

While additional submissions would no longer be accepted by Aug. 31, Google noted that triaging of reports provided before then will be completed by Sept. 15, with rewards to be decided upon before the end of September.

Aside from mandating the identification and evaluation of cybersecurity gaps in networks involved in the operations of airplanes, engines, and propellers, organizations in the aviation sector would also be required to establish cyberattack response...

Nearly $4.78 million had been stolen by threat actors that compromised Equiniti via email chain hijacking in 2022, nearly $1 million of which has been recovered, while another intrusion in April 2023 that involved the exfiltration of certain Equiniti...

Attackers who infiltrated Arden Claims Service's systems around Oct. 3, 2023, were able to exfiltrate individuals' names and other personally identifiable information, according to the notification letter provided to Vermont and Maine regulators.

Such a reported cyberattack was neither confirmed nor denied by Halliburton, which only noted the ongoing investigation into the cause and extent of the identified issue.

Aside from modifying the account's bio to include a rug pull reference, the acquisition of $700,000 worth of Solana cryptocurrency, and the flag of India, threat actors also published posts with the caption "a McDonald's experiment on Soluna" and a...

Exploitation of the flaw, which was addressed last week, through a brute-force attack iterating and passing all known possible security hash values in the litespeed_hash cookie could facilitate immediate site access through any user ID provided that...

Intrusions commence with brute-force attempts to guess the PostgreSQL database's credentials, which when achieved would be followed by the establishment of a superuser role that would ensure database access even after modifications to the original...

UAT-5394 — which has been suspected to be Kimsuky, its subgroup, or a separate operation leveraging Kimsuky's toolkit — established updated test virtual machines, payload-hosting sites, and command-and-control servers to support the creation of new...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 5015 - AENFTXT Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this...

CISA released five Industrial Control Systems (ICS) advisories on August 22, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-235-01 Rockwell Automation Emulate3D...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: MOBOTIX Equipment: P3 Cameras, Mx6 Cameras Vulnerability: Improper Neutralization of Expression/Command Delimiters 2. RISK EVALUATION Successful...