Latest News

Since launching ChatGPT in 2022, OpenAI has defied expectations with a steady stream of product announcements and enhancements. One such announcement came on May 16, 2024, and for most consumers, it probably felt innocuous. Titled “Improvements to data analysis in ChatGPT,” the post outlines how users can add files directly from Google Drive and Microsoft OneDrive. It’s worth mentioning

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Yokogawa Equipment: Dual-redundant Platform for Computer (PC2CKM) Vulnerability: Unchecked Return Value 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a denial-of-service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Yokogawa PC2CKM, a dual-redundant platform computer, are affected: Dual-redundant Platform for Computer (PC2CKM): R1.01.00 to R2.03.00 3.2 Vulnerability Overview 3.2.1 UNCHECKED RETURN VALUE CWE-252 If a computer on which the affected product is installed receives a large number of UDP broadcast packets in a short period, occasionally that computer may restart. If both the active and standby computers are restarted at the same time, the functionality on that computer may be temporarily unavailable. CVE-2024-8110 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been cal...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC S7-200 SMART Devices Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens SIMATIC S7-200 SMART Devices are affected: SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0): All versions SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0): All Versions SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0): All Versions SIMATIC S7-200 SMART CPU SR20 (6ES7288...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Millbeck Communications Equipment: Proroute H685t-w Vulnerabilities: Command Injection, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary commands on the device's operating system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Millbeck Communications Proroute H685t-w, a 4G router, are affected: Proroute H685t-w: Version 3.2.334 3.2 Vulnerability Overview 3.2.1 Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-77 There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system. CVE-2024-45682 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.2 Improper Neutralization of...

Meta has announced that it will begin training its artificial intelligence (AI) systems using public content shared by adult users across Facebook and Instagram in the U.K. in the coming months. "This means that our generative AI models will reflect British culture, history, and idiom, and that UK companies and institutions will be able to utilize the latest technology," the social media

Hacktivists love to target financial services companies, and their attacks are growing both larger and longer.

Attackers could have exploited a dependency confusion vulnerability affecting various Google Cloud services to execute a sprawling supply chain attack via just one malicious Python code package.

Cryptocurrency exchange Binance is warning of an "ongoing" global threat that's targeting cryptocurrency users with clipper malware with the goal of facilitating financial fraud. Clipper malware, also called ClipBankers, is a type of malware that Microsoft calls cryware, which comes with capabilities to monitor a victim's clipboard activity and steal sensitive data a user copies, including

**Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?** This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. This purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

**Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?** This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. This purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.