Biztonsági szemle

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DTM Soft Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Hitachi Energy Equipment: RTU500 series CMU Vulnerability: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 2. RISK EVALUATION Successful...

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-12356 BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability These...

CISA released eight Industrial Control Systems (ICS) advisories on December 19, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-354-01 Hitachi Energy RTU500...

[This is a Guest Diary by Sahil Shaikh, an ISC intern as part of the SANS.edu BACS program]

The number of DDoS-related incidents targeting APIs have jumped by 30x compared with traditional Web assets, suggesting that attackers see the growing API landscape as the more attractive target.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

A 32-year-old was sentenced on criminal hacking charges related to a data-stealing malware operation.

The agency asks the cybersecurity community to adopt "romance baiting" in place of dehumanizing language.

The best service provider minimizes your costs and instead focuses on building a long-term partner relationship with your organization.

The threat intelligence business, which is set to be acquired by Mastercard for billions, is officially vendor non grata in Putin's regime.

Over 8.7 million records, many of which are duplicates, were discovered within the server, including user phone numbers, network information, device identifiers, performance metrics, and other personal details, according to Cybernews researchers.