Tag
#auth
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY: CVSS v4 8.7; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Siemens; Equipment: SIMATIC CP; Vulnerability: Incorrect Authorization. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an unauthenticated attacker to gain access to the filesystem. 3. TECHNICAL DETAILS. 3.1 AFFECTED PRODUCTS: The following version of SIMATIC CP is affected: SIMATIC CP1543-1: V4.0 (6GK7543-1AX10-0XE0). 3.2 Vulnerability Overview. 3.2.1 INCORRECT AUTHORIZATION CWE-863: Affected devices do not properly handle authorization. This could allow an unauthenticated remote attacker to gain access to the filesystem. CVE-2024-50310 has been assign...
Cisco Talos discovered a new information stealing campaign operated by a Vietnamese-speaking threat actor targeting government and education entities in Europe and Asia.
Experts expect Donald Trump’s next administration to relax cybersecurity rules on businesses, abandon concerns around human rights, and take an aggressive stance against the cyber armies of US adversaries.
APT Wirte is doing double duty, adding all manner of supplemental malware to gain access, eavesdrop, and wipe data, depending on the target.
The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs, they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH. Do not make the copy path on the target predictable, and ensure we check the return code of the scp command in case the copy fails.
Alan Filion, believed to have operated under the handle “Torswats,” admitted to making more than 375 fake threats against schools, places of worship, and government buildings around the United States.
The China-affiliated group is using the highly modular DeepData framework to target organizations in South Asia.
Among the top exploited zero-day vulnerabilities were bugs found in systems from Citrix and Cisco.