Security Bulletin

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 3.3 ATTENTION: Low attack complexity Vendor: RoboDK Equipment: RoboDK Vulnerability: Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Electrolink Equipment: FM/DAB/TV Transmitter Vulnerabilities: Authentication Bypass by Assumed-Immutable Data...

CISA released four Industrial Control Systems (ICS) advisories on April 16, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-107-01 Measuresoft ScadaPro ICSA-24...

Five ways companies can move from SBOMs to SaaSBOMs to more effectively secure SaaS applications.

Package updates/upgrades by maintainers on the Linux platforms are always appreciated, as these updates are intended to offer new features/bug fixes. However, in rare circumstances, there is a need to downgrade the packages to a prior version due to...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

This is a quick update to our initial diary from this weekend [ CVE-2024-3400].

The “Crescendo” attack uses a chain of seemingly benign prompts to achieve an adverse output.

The search for sustainable technology solutions has become a growing concern for developers. In support of this effort, the Cisco DevNet team is hosting Developer Sustainability Week, an online event that coincides with the celebration of Earth Day...

If left unpatched, the API flaw could let attackers bypass authentication, gain admin access, and steal company secrets.

The streaming service enables 2FA on all accounts following its second credential-stuffing attack this year.