Latest News

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Kieback&Peter Equipment: DDC4000 Series Vulnerabilities: Path Traversal, Insufficiently Protected Credentials, Use of Weak Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to gain full administrator rights on the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Kieback&Peter DDC4000 series products are affected: DDC4002 : Versions 1.12.14 and prior DDC4100 : Versions 1.7.4 and prior DDC4200 : Versions 1.12.14 and prior DDC4200-L : Versions 1.12.14 and prior DDC4400 : Versions 1.12.14 and prior DDC4002e : Versions 1.17.6 and prior DDC4200e : Versions 1.17.6 and prior DDC4400e : Versions 1.17.6 and prior DDC4020e : Versions 1.17.6 and prior DDC4040e : Versions 1.17.6 and prior 3.2 Vulnerability Overview 3.2.1 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22 The a...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: HMS Networks Equipment: EWON FLEXY 202 Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to sniff and decode credentials that are transmitted using weak encoding techniques. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of EWON FLEXY 202, an industrial modular gateway, are affected: EWON FLEXY 202: Firmware Version 14.2s0 3.2 Vulnerability Overview 3.2.1 CWE-522: Insufficiently Protected Credentials The EWON FLEXY 202 transmits credentials using a weak encoding method base64. An attacker who is present in the network can sniff the traffic and decode the credentials. CVE-2024-7755 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). CVE-2024-7755 has been assigned to this ...

Sure, you can request a deletion of your data from 23andMe, but that doesn’t mean the company will delete it entirely.

So much jamming is taking place in northeastern Norway, regulators no longer want to know.

Security researchers created an algorithm that turns a malicious prompt into a set of hidden instructions that could send a user's personal information to an attacker.

An advanced persistent threat (APT) actor with suspected ties to India has sprung forth with a flurry of attacks against high-profile entities and strategic infrastructures in the Middle East and Africa. The activity has been attributed to a group tracked as SideWinder, which is also known as APT-C-17, Baby Elephant, Hardcore Nationalist, Leafperforator, Rattlesnake, Razor Tiger, and T-APT-04. "

By Dmytro Korzhevin, Asheer Malhotra, Vanja Svajcer and Vitor Ventura.  Cisco Talos has observed a new wave of attacks active since at least late 2023, from a Russian speaking group we track as “UAT-5647”, against Ukrainian government entities and unknown Polish entities.  UAT-5647 is also known

Federal prosecutors in the U.S. have charged two Sudanese brothers with running a distributed denial-of-service (DDoS) botnet for hire that conducted a record 35,000 DDoS attacks in a single year, including those that targeted Microsoft's services in June 2023. The attacks, which were facilitated by Anonymous Sudan's "powerful DDoS tool," singled out critical infrastructure, corporate networks,

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.46 10/17/2024 130.0.6723.59

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.46 10/17/2024 130.0.6723.59