Biztonsági szemle

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see  Siemens' ProductCERT...

CISA released three Industrial Control Systems (ICS) advisories on September 17, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-261-01 Siemens SIMATIC S7-200...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Millbeck Communications Equipment: Proroute H685t-w Vulnerabilities: Command Injection, Cross-site Scripting 2. RISK EVALUATION Successful...

Today, CISA and FBI released a Secure by Design Alert, Eliminating Cross-Site Scripting Vulnerabilities, as a part of our ongoing effort to reduce the prevalence of vulnerability classes at scale. Vulnerabilities like cross-site scripting (XSS)...

Securing open-source software will take collaboration, innovation and a commitment to best practices.

Hacktivists love to target financial services companies, and their attacks are growing both larger and longer.

Attackers could have exploited a dependency confusion vulnerability affecting various Google Cloud services to execute a sprawling supply chain attack via just one malicious Python code package.

Last week, I posted a diary about suspicious Python modules. One of them was Firebase [ 1], the cloud service provided by Google[ 2]. Firebase services abused by attackers is not new, usually, it&#x27s used to host malicious files that will be...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

A hidden feature could enable remote command execution using hard-coded credentials on home routers.

Attackers have been using the Windows MSHTML Platform spoofing vulnerability in conjunction with another zero-day flaw.