Biztonsági szemle

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: Arena Vulnerabilities: Use After Free, Out-of-bounds Write, Improper Initialization 2. RISK EVALUATION Successful exploitation of these...

Adobe released security updates to address vulnerabilities in multiple Adobe software products including Adobe Acrobat, Adobe Illustrator, and Adobe InDesign. A cyber threat actor could exploit some of these vulnerabilities to take control of an...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Horner Automation Equipment: Cscape Vulnerabilities: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to...

Ivanti released security updates to address vulnerabilities in Ivanti Cloud Service Application, Ivanti Desktop and Server Management (DSM), Ivanti Connect Secure and Police Secure, Ivanti Sentry, and Ivanti Patch SDK. CISA encourages users and...

A Chinese threat actor infiltrated several IT and security companies in a bring-your-own VS code, with an eye to carrying out a supply-chain-based espionage attack.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

A ransomware group called Brain Cipher claims to have stolen more than a terabyte of compressed data.

The second zero-day vulnerability found in Windows NTLM in the past two months paves the way for relay attacks and credential theft. Microsoft has no patch, but released updated NTLM cyberattack mitigation advice.

Scammers set up call centers in luxury rentals to run bank help-desk fraud, as well as large-scale phishing campaigns, across at least 10 European countries, according to law enforcement.

Cisco Modeling Labs Free is now available, making our premier network virtualization platform easier and more accessible than ever.

Researchers demonstrate a proof-of-concept cyberattack vector that gets around remote, on-premises, and local versions of browser isolation security technology to send malicious communications from an attacker-controlled server.