Security Headlines

US Sanctions Intellexa Spyware Network Over Threat to National Security

The U.S. Treasury sanctions the Intellexa Consortium and key figures for distributing Predator spyware, a serious national security…

HackRead
GHSA-xxxw-3j6h-q7h6: Grafana plugin SDK Information Leakage

The Grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running `git remote get-url origin`. If credentials are included in the repository URI (for instance, to allow fetching of private dependencies), the final binary will contain the full URI, including those credentials.

IDEC PLCs

1. EXECUTIVE SUMMARY
CVSS v3 5.3
ATTENTION: Low Attack Complexity
Vendor: IDEC Corporation
Equipment: IDEC PLCs
Vulnerabilities: Cleartext Transmission of Sensitive Information, Generation of Predictable Identifiers

2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to obtain user authentication information or disrupt communication.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of IDEC PLCs are affected:
FC6A Series MICROSmart All-in-One CPU module: Ver.2.60 and prior
FC6B Series MICROSmart All-in-One CPU module: Ver.2.60 and prior
FC6A Series MICROSmart Plus CPU module: Ver.2.40 and prior
FC6B Series MICROSmart Plus CPU module: Ver.2.60 and prior
FT1A Series SmartAXIS Pro/Lite: Ver.2.41 and prior (affected only by CVE-2024-41927)
3.2 Vulnerability Overview
3.2.1 CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319
The affected products are vulnerable to a cleartext vulnerability that could allow an attacker to o...

Rockwell Automation RSLogix 5 and RSLogix 500

1. EXECUTIVE SUMMARY
CVSS v4 8.8
ATTENTION: Exploitable locally/high attack complexity
Vendor: Rockwell Automation
Equipment: RSLogix 5 and RSLogix 500
Vulnerability: Insufficient verification of data authenticity

2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to perform remote code execution.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Rockwell Automation RSLogix 5 and RSLogix 500, a programming software, are affected:
RSLogix 500: All versions
RSLogix Micro Developer and Starter: All versions
RSLogix 5: All versions
3.2 Vulnerability Overview
3.2.1 INSUFFICIENT VERIFICATION OF DATA AUTHENTICITY CWE-345
A feature in the affected products enables users to prepare a project file with an embedded VBA script and can be configured to run once the project file has been opened without user intervention. This feature can be abused to trick a legitimate user into executing malicious code upon opening an infected RSP/R...

IDEC CORPORATION WindLDR and WindO/I-NV4

1. EXECUTIVE SUMMARY
CVSS v3 5.9
ATTENTION: Exploitable remotely
Vendor: IDEC Corporation
Equipment: WindLDR, WindO/I-NV4
Vulnerability: Cleartext Storage of Sensitive Information

2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to obtain sensitive information.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of WindLDR and WindO/I-NV4 are affected:
WindLDR: Ver.9.1.0 and prior
WindO/I-NV4: Ver.3.0.1 and prior
3.2 Vulnerability Overview
3.2.1 CLEARTEXT STORAGE OF SENSITIVE INFORMATION CWE-312
The affected products are vulnerable to a cleartext vulnerability that could allow an attacker to obtain user authentication information. CVE-2024-41716 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.9 has been calculated; the CVSS vector string is (/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Food and Agriculture, Critical Manufacturing, Energy, Transportation
COUNTRI...

Coalition for Secure AI Promotes Safe, Ethical AI Development

The Coalition for Secure AI (CoSAI) expanded its roster of members with the addition of threat intelligence management, collaboration and response orchestration vendor Cyware this week.

Healthcare's Diagnosis is Critical: The Cure is Cybersecurity Hygiene

Cybersecurity in healthcare has never been more urgent. As the most vulnerable industry and largest target for cybercriminals, healthcare is facing an increasing wave of cyberattacks. When a hospital's systems are held hostage by ransomware, it’s not just data at risk — it’s the care of patients who depend on life-saving treatments. Imagine an attack that forces emergency care to halt, surgeries

Security Firm's North Korean Hacker Hire Not an Isolated Incident

What happened to KnowBe4 also has happened to many other organizations, and it's still a risk for companies of all sizes due to a sophisticated network of government-sponsored fake employees.

GHSA-p2qj-r53j-h3xj: LangChain Experimental Eval Injection vulnerability

langchain_experimental (aka LangChain Experimental) 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify (which uses eval) in LLMSymbolicMathChain. LLMSymbolicMathChain was introduced in fcccde406dd9e9b05fc9babcbeb9ff527b0ec0c6 (2023-10-05).