Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

ABB Cylon Aspect 3.08.01 vstatConfigurationDownload.php Configuration Download

ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated configuration download vulnerability. This can be exploited to download the CSV DB that contains the configuration mappings information via the VMobileImportExportServlet by directly calling the vstatConfigurationDownload.php script.

Packet Storm
Open in Source
#vulnerability#web#linux#apache#java#intel#php#auth
Akuvox Smart Intercom/Doorphone ServicesHTTPAPI Improper Access Control

The Akuvox Smart Intercom/Doorphone suffers from an insecure service API access control. The vulnerability in ServicesHTTPAPI endpoint allows users with "User" privileges to modify API access settings and configurations. This improper access control permits privilege escalation, enabling unauthorized access to administrative functionalities. Exploitation of this issue could compromise system integrity and lead to unauthorized system modifications.

How Learning to Fly Made Me a Better Cybersecurity CEO

The lessons I've learned soaring through the skies have extended far beyond the runway.

Red Hat Security Advisory 2024-10379-03

Red Hat Security Advisory 2024-10379-03 - An update for pam is now available for Red Hat Enterprise Linux 8. Issues addressed include a bypass vulnerability.

Medical testing company LifeLabs failed to protect customer data, report finds

LifeLabs managed to hold up a report about a ransomware incident in court for four years. It's now been published.

Russian Script Kiddie Assembles Massive DDoS Botnet

Over the past year, "Matrix" has used publicly available malware tools and exploit scripts to target weakly secured IoT devices — and enterprise servers.

Microsoft Finally Releases Recall as Part of Windows Insider Preview

The preview version now includes multiple security-focused additions Microsoft had promised to add, such as SecureBoot, BitLocker, and Windows Hello.

INTERPOL Arrests 1,000 and Dismantles Cybercrime Networks Across Africa

Group-IB collaborated with INTERPOL and AFRIPO in a major crackdown on cybercrime in Africa for “Operation Serengeti.” This…

Israel Defies VC Downturn With More Cybersecurity Investments

With a focus on creating technologies for other markets, Israel continues to be a valued destination for venture capital in cybersecurity outside the US and Europe.

Hacker in Snowflake Extortions May Be a U.S. Soldier

Two men have been arrested for allegedly stealing data from and extorting dozens of companies that used the cloud data storage company Snowflake, but a third suspect -- a prolific hacker known as Kiberphant0m -- remains at large and continues to publicly extort victims. However, this person's identity may not remain a secret for long: A careful review of Kiberphant0m's daily chats across multiple cybercrime personas suggests they are a U.S. Army soldier who is or was recently stationed in South Korea.