Tag: #auth
The sophisticated Chinese cyberattacks of today rest on important groundwork laid during the pandemic and before.
Misconfigurations, weak authentication, and logic flaws are among the main drivers of API security risks at many organizations.
Factory automation software from Mitsubishi Electric and Rockwell Automation could be subject to remote code execution (RCE), denial-of-service (DoS), and more.
As organizations centralize IT security, espionage is quietly becoming a more profitable threat.
ABB Cylon Aspect version 3.08.01 has a vulnerability in caldavInstall.php, caldavInstallAgendav.php, and caldavUpload.php files, where the presence of an EXPERTMODE parameter activates a badassMode feature. This mode allows an unauthenticated attacker to bypass MD5 checksum validation during file uploads. By enabling badassMode and setting the skipChecksum parameter, the system skips integrity verification, allowing attackers to upload or install altered CalDAV zip files without authentication. This vulnerability permits unauthorized file modifications, potentially exposing the system to tampering or malicious uploads.
SmartAgent version 1.1.0 suffers from an unauthenticated remote code execution vulnerability in youtubeInfo.php.
SmartAgent version 1.1.0 suffers from a server-side request forgery vulnerability.
SmartAgent version 1.1.0 suffers from multiple unauthenticated remote SQL injection vulnerabilities.
When a CISO can articulate risk in context to the business as a whole, development teams can better prioritize their activities.
With so many SaaS applications, a range of configuration options, API capabilities, endless integrations, and app-to-app connections, the SaaS risk possibilities are endless. Critical organizational assets and data are at risk from malicious actors, data breaches, and insider threats, which pose many challenges for security teams. Misconfigurations are silent killers, leading to major