Security Bulletin

24 Sep 2024
Security review
Twilio purportedly breached, nearly 12K call records compromised
Records exposed by grep were divided into a pair of call-tracking TXT files, the first of which detailed phone calls' start and end times, callers' and recipients' phone numbers, and call status, duration, and notes, as well as call interpreters' IDs...

24 Sep 2024
Security review
Necro trojan impacts millions of Android devices
Most of the infections were from the Wuta Camera app, while the rest were from the Max Browser app, according to a Kaspersky analysis.

24 Sep 2024
Security review
Malicious Python packages help North Korean APT deliver PondRAT malware
All four of the poisoned packages, which have already been removed from the PyPI repository, enabled encoded next-stage payload execution before deploying PondRAT for Linux and macOS, which have file upload and download, as well as arbitrary command...

24 Sep 2024
Security review
Officials: Fake Kamala Harris videos part of Russian influence operations
Aside from releasing videos implicating Harris in a hit-and-run accident, Russia also disseminated phony videos of her speeches, said an Office of the Director of National Intelligence official.

24 Sep 2024
Security review
Exposed Kryptina code used for novel Mallox ransomware for Linux variant
Attackers leveraged leaked Kryptina source code to develop rebranded Mallox payloads, including the Mallox Linux 1.0 encryptor that was identical to Kryptina save for its name and appearance.

24 Sep 2024
Security review
OPW Fuel Management Systems SiteSentinel
1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: OPW Fuel Managements Systems Equipment: SiteSentinel Vulnerability: Missing Authentication For Critical Function 2. RISK EVALUATION Successful...

24 Sep 2024
Security review
Alisonic Sibylla
1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Alisonic Equipment: Sibylla Vulnerability: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 2. RISK...

24 Sep 2024
Security review
Moxa MXview One
1. EXECUTIVE SUMMARY CVSS v4 6.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Moxa Equipment: MXview One, MXview One Central Manager Series Vulnerabilities: Cleartext Storage In A File or On Disk, Path Traversal, Time-of...

24 Sep 2024
Security review
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-7593 Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability These types of vulnerabilities are...

24 Sep 2024
Security review
Franklin Fueling Systems TS-550 EVO
1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Franklin Fueling Systems Equipment: TS-550 EVO Automatic Tank Gauge Vulnerability: Absolute Path Traversal 2. RISK EVALUATION Successful...

24 Sep 2024
Security review
OMNTEC Proteus Tank Monitoring
1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: OMNTEC Mfg., Inc. Equipment: Proteus Tank Monitoring Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful...

24 Sep 2024
Security review
Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE
1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Dover Fueling Solutions (DFS) Equipment: ProGauge MAGLINK LX CONSOLE Vulnerabilities: Command Injection, Improper Privilege Management, Use of...