Security
Headlines
HeadlinesLatestCVEs

Latest News

6 Cybersecurity Headaches Sports Organizations Have to Worry About

Leaders in professional athletics lament the realities and risks of growth in connected stadium environments, social networks, and legalized gambling.

DARKReading
Open in Source
#vulnerability#intel#auth
Security Concerns Plague Emerging Chip Architecture

The RISC-V chip architecture is gaining popularity worldwide, but the fact that it is easy to modify the processor design means it is also easy to introduce hard-to-patch vulnerabilities in the chips.

Kansas Water Plant Pivots to Analog After Cyber Event

A water treatment facility in a small city took serious precautions to prevent any bad outcomes from a hazy cyber incident.

Telegram to Share User Info With Law Enforcement in Policy Shift

The encrypted messaging service said it will share users' IP addresses and phone numbers with authorities when requested.

Critical Automated Tank Gauge Bugs Threaten Critical Infrastructure

The security vulnerabilities could lead to everything from gas spills to operations data disclosure, affecting gas stations, airports, military bases, and other hypersensitive locations.

GHSA-2rmj-mq67-h97g: Spring Framework DoS via conditional HTTP request

### Description Applications that parse ETags from `If-Match` or `If-None-Match` request headers are vulnerable to DoS attack. ### Affected Spring Products and Versions org.springframework:spring-web in versions 6.1.0 through 6.1.11 6.0.0 through 6.0.22 5.3.0 through 5.3.37 Older, unsupported versions are also affected ### Mitigation Users of affected versions should upgrade to the corresponding fixed version. 6.1.x -> 6.1.12 6.0.x -> 6.0.23 5.3.x -> 5.3.38 No other mitigation steps are necessary. Users of older, unsupported versions could enforce a size limit on `If-Match` and `If-None-Match` headers, e.g. through a Filter.

Necro Android Malware Found in Popular Camera and Browser Apps on Play Store

Altered versions of legitimate Android apps associated with Spotify, WhatsApp, and Minecraft have been used to deliver a new version of a known malware loader called Necro. Kaspersky said some of the malicious apps have also been found on the Google Play Store. They have been cumulatively downloaded 11 million times. They include - Wuta Camera - Nice Shot Always (com.benqu.wuta) - 10+ million

Harnessing the Power of Cloud App Development and DevOps for Modern Businesses

Leverage Cloud App Development and DevOps to boost business agility, scalability, and security. Optimize operations, deploy faster, and…

MoneyGram Goes Offline After Vague Cyber Woes

The money-transfer company is going on day four of its services being suspended.

ABB Cylon Aspect 3.08.01 Remote Code Execution

ABB Cylon Aspect version 3.08.01 BMS/BAS controller suffers from a remote code execution vulnerability. The vulnerable uploadFile() function in bigUpload.php improperly reads raw POST data using the php://input wrapper without sufficient validation. This data is passed to the fwrite() function, allowing arbitrary file writes. Combined with an improper sanitization of file paths, this leads to directory traversal, allowing an attacker to upload malicious files to arbitrary locations. Once a malicious file is written to an executable directory, an authenticated attacker can trigger the file to execute code and gain unauthorized access to the building controller.