#auth

The rate of evolution has been glacial, but tools now understand cloud environments and can target Web applications.

Palo Alto, USA, 30th January 2025, CyberNewsWire

Palo Alto, USA, 30th January 2025, CyberNewsWire

The sudden rise of DeepSeek has raised questions of data origin, data destination, and the security of the new AI model.

The addition of Solvo CSPM to CYE Hyver aims to address the need for multicloud vulnerability monitoring and risk assessment.

An international law enforcement operation has dismantled the domains associated with various online platforms linked to cybercrime such as Cracked, Nulled, Sellix, and StarkRDP. The effort has targeted the following domains - www.cracked.io www.nulled.to www.mysellix.io www.sellix.io www.starkrdp.io Visitors to these websites are now greeted by a seizure banner that says they were confiscated

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk AssetCentre Vulnerabilities: Inadequate Encryption Strength, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to extract passwords, access, credentials, or impersonate other users. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation FactoryTalk AssetCentre are affected: FactoryTalk AssetCentre: All versions prior to V15.00.001 3.2 Vulnerability Overview 3.2.1 INADEQUATE ENCRYPTION STRENGTH CWE-326 An encryption vulnerability exists in all versions prior to V15.00.001 of FactoryTalk AssetCentre. The vulnerability exists due to a weak encryption methodology and could allow a threat actor to extract passwords belonging to other users of the application. CVE-2025-0477 has been assigned to this vulnerability. A CVSS v3.1 base scor...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: UNEM Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Argument Injection, Heap-based Buffer Overflow, Improper Certificate Validation, Use of Hard-coded Password, Improper Restriction of Excessive Authentication Attempts, Cleartext Storage of Sensitive Information, Incorrect User Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial of service, execute unintended commands, access sensitive information, or execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports that the following products are affected: UNEM: Versions R15A and prior UNEM: R15B (CVE-2024-28022, CVE-2024-28024, CVE-2024-28020) UNEM: R15B PC4 (CVE-2024-2013, CVE-2024-2012, CVE-2024-2011, CVE-2024-28021, CVE-2024-28023) UNEM: R16A UNEM: R16B (CVE-2024-28022, CVE-2024-280...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Harmony Industrial PC, Pro-face Industrial PC Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following products are affected: System Monitor application in Harmony Industrial PC: All versions System Monitor application in Pro-face Industrial PC: All versions 3.2 Vulnerability Overview 3.2.1 EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200 An information exposure vulnerability exists that could cause exposure of credentials when attacker has access to application on network over HTTP. CVE-2024-8884 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (C...

This new report from Cisco Talos Incident Response explores how threat actors increasingly deployed web shells against vulnerable web applications, and exploited vulnerable or unpatched public-facing applications to gain initial access.