Biztonsági szemle

Russia and Iran have agreed to advance digital space regulations for international tech firms and share know-how on managing the internet, which was declared by human rights nonprofit Freedom House to be "not free" in both countries amid intense...

With Cloudflare conducting media resource caching at the data center closest in proximity to its users, security researcher Daniel discovered that an information-disclosure intrusion could be conducted through the delivery of a unique image hosted on...

Aside from the zero-day, threat actors behind AIRASHI also leveraged more than a dozen other security flaws impacting AVTECH IP cameras, Shenzhen TVT appliances, and other devices dating as far back as 2013, a report from QiAnXin XLab researchers...

Attacks with the chained vulnerabilities have been thwarted by three organizations, with the first preventing compromise following sysadmin identification of suspicious user accounts and the second averting the breach after an endpoint protection...

Attackers who made fraudulent but verified Ross Ulbricht accounts on X, formerly Twitter, sought to lure users into joining Telegram channels purporting to be Ulbricht portals, which provided a walk through on the bogus Safeguard identity...

Execution of a trojanized installer triggers deployment of a loader with another DLL eventually resulting in the running of SlowStepper, which supports commands enabling extensive system info theft, file deletion, Python module execution, and self...

One of the hardest applications to create securely is webmail. E-mail is a complex standard, and almost all e-mail sent today uses HTML. Displaying complex HTML received in an e-mail within a web application is dangerous and often leads to XSS...

Stay ahead in FY2025 with crucial E-rate deadlines and Cisco's cybersecurity solutions to enhance your educational technology infrastructure.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: mySCADA Equipment: myPRO Vulnerabilities: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 2. RISK...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 4.6 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Power Build Rapsody Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK...

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2020-11023 JQuery Cross-Site Scripting (XSS) Vulnerability These types of vulnerabilities are frequent attack vectors...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: Easergy Studio Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability may risk...