Security
Headlines
HeadlinesLatestCVEs

Latest News

Kieback&Peter DDC4000 Series

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Kieback&Peter Equipment: DDC4000 Series Vulnerabilities: Path Traversal, Insufficiently Protected Credentials, Use of Weak Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to gain full administrator rights on the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Kieback&Peter DDC4000 series products are affected: DDC4002 : Versions 1.12.14 and prior DDC4100 : Versions 1.7.4 and prior DDC4200 : Versions 1.12.14 and prior DDC4200-L : Versions 1.12.14 and prior DDC4400 : Versions 1.12.14 and prior DDC4002e : Versions 1.17.6 and prior DDC4200e : Versions 1.17.6 and prior DDC4400e : Versions 1.17.6 and prior DDC4020e : Versions 1.17.6 and prior DDC4040e : Versions 1.17.6 and prior 3.2 Vulnerability Overview 3.2.1 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22 The a...

us-cert
Open in Source
#vulnerability#web#auth
23andMe will retain your genetic information, even if you delete the account

Sure, you can request a deletion of your data from 23andMe, but that doesn’t mean the company will delete it entirely.

GPS Jamming Is Screwing With Norwegian Planes

So much jamming is taking place in northeastern Norway, regulators no longer want to know.

This Prompt Can Make an AI Chatbot Identify and Extract Personal Details From Your Chats

Security researchers created an algorithm that turns a malicious prompt into a set of hidden instructions that could send a user's personal information to an attacker.

SideWinder APT Strikes Middle East and Africa With Stealthy Multi-Stage Attack

An advanced persistent threat (APT) actor with suspected ties to India has sprung forth with a flurry of attacks against high-profile entities and strategic infrastructures in the Middle East and Africa. The activity has been attributed to a group tracked as SideWinder, which is also known as APT-C-17, Baby Elephant, Hardcore Nationalist, Leafperforator, Rattlesnake, Razor Tiger, and T-APT-04. "

UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants

By Dmytro Korzhevin, Asheer Malhotra, Vanja Svajcer and Vitor Ventura.  Cisco Talos has observed a new wave of attacks active since at least late 2023, from a Russian speaking group we track as “UAT-5647”, against Ukrainian government entities and unknown Polish entities.  UAT-5647 is also known

U.S. Charges Two Sudanese Brothers for Record 35,000 DDoS Attacks

Federal prosecutors in the U.S. have charged two Sudanese brothers with running a distributed denial-of-service (DDoS) botnet for hire that conducted a record 35,000 DDoS attacks in a single year, including those that targeted Microsoft's services in June 2023. The attacks, which were facilitated by Anonymous Sudan's "powerful DDoS tool," singled out critical infrastructure, corporate networks,

CVE-2024-9954: Chromium: CVE-2024-9954 Use after free in AI

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.46 10/17/2024 130.0.6723.59

CVE-2024-9966: Chromium: CVE-2024-9966 Inappropriate implementation in Navigations

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.46 10/17/2024 130.0.6723.59

CVE-2024-9965: Chromium: CVE-2024-9965 Insufficient data validation in DevTools

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.46 10/17/2024 130.0.6723.59