#auth

Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source Enterprise Resource Planning (ERP) system to execute a memory-resident payload. The vulnerability in question is CVE-2023-51467 (CVSS score: 9.8), a bypass for another severe shortcoming in the same software (

A new Python-based hacking tool called FBot has been uncovered targeting web servers, cloud services, content management systems (CMS), and SaaS platforms such as Amazon Web Services (AWS), Microsoft 365, PayPal, Sendgrid, and Twilio. “Key features include credential harvesting for spamming attacks, AWS account hijacking tools, and functions to enable attacks against PayPal and various

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SICAM A8000 Vulnerability: Use of Uninitialized Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated remote attacker to inject commands that are executed on the device with root privileges during device startup. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products, are affected: CP-8031 MASTER MODULE (6MF2803-1AA00): All versions prior to CPCI85 V05.20 CP-8050 MASTER MODULE (6MF2805-0AA00): All versions prior to CPCI85 V05.20 3.2 Vulnerability Overview 3.2.1 USE OF UNINITIALIZED RESOURCE CWE-908 The networ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely, low attack complexity Vendor: Rapid Software LLC Equipment: Rapid SCADA Vulnerabilities: Path Traversal, Relative Path Traversal, Local Privilege Escalation through Incorrect Permission Assignment for Critical Resource, Open Redirect, Use of Hard-coded Credentials, Plaintext Storage of a Password, Generation of Error Message Containing Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in an attacker reading sensitive files from the Rapid Scada server, writing files to the Rapid Scada directory (thus achieving code execution), gaining access to sensitive systems via legitimate-seeming phishing attacks, connecting to the server and perfoming attacks using the high privileges of a service, obtaining administrator passwords, learning sensitive information about the internal code of the application, or achieving remote code execution. 3. TECHNICAL DETAILS 3.1 AFFE...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3: 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Spectrum Power 7 Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated local attacker to inject arbitrary code and gain root access. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products are affected: Spectrum Power 7: All versions prior to V23Q4 3.2 Vulnerability Overview 3.2.1 INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE CWE-732 The affected product's sudo configuration permits the local administrative account to execute several entries...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow and attacker to obtain remote unauthorized access. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products with maxView Storage Manager on Windows, are affected: SIMATIC IPC647E: All versions prior to V4.14.00.26068 SIMATIC IPC847E: All versions prior to V4.14.00.26068 SIMATIC IPC1047E: All versions prior to V4.14.00.26068 3.2 Vulnerability Overview 3.2.1 IMPROPER INPUT VALIDATION CWE-20 In default installations...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC CN 4100 Vulnerabilities: Authorization Bypass Through User-Controlled Key, Improper Input Validation, Use of Default Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to remotely login as root or cause denial of service condition of the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: SIMATIC CN 4100: Versions prior to V2.7 3.2 Vulnerability Overview 3.2.1 AUTHORIZATION BYPASS THROUGH USER-CONTROLLED KEY CWE-639 The "intermediate installation"...

More than 4 million school records, including safety procedures, student medical files, and court documents, were also publicly accessible online.

Generative AI will enable anyone to launch sophisticated phishing attacks that only Next-generation MFA devices can stop The least surprising headline from 2023 is that ransomware again set new records for a number of incidents and the damage inflicted. We saw new headlines every week, which included a who’s-who of big-name organizations. If MGM, Johnson Controls, Chlorox, Hanes Brands, Caesars

The compromise of Mandiant's X (formerly Twitter) account last week was likely the result of a "brute-force password attack," attributing the hack to a drainer-as-a-service (DaaS) group. "Normally, [two-factor authentication] would have mitigated this, but due to some team transitions and a change in X's 2FA policy, we were not adequately protected," the threat intelligence firm said