#intel

Counterfeit Facebook pages and sponsored ads on the social media platform are being employed to direct users to fake websites masquerading as Kling AI with the goal of tricking victims into downloading malware. Kling AI is an artificial intelligence (AI)-powered platform to synthesize images and videos from text and image prompts. Launched in June 2024, it's developed by Kuaishou Technology,

An arson attack in Colorado had detectives stumped. The way they solved the case could put everyone at risk.

KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data). The brief attack appears to have been a test run for a massive new Internet of Things (IoT) botnet capable of launching crippling digital assaults that few web destinations can withstand. Read on for more about the botnet, the attack, and the apparent creator of this global menace.

Infoblox reveals Hazy Hawk, a new threat exploiting abandoned cloud resources (S3, Azure) and DNS gaps since Dec…

Weeks after LockBit ransomware breach, leaked data reveals how affiliates generate ransomware, set ransom demands, and often walk away unpaid.

Nitrogen, a ransomware strain, has emerged as a major threat to organizations worldwide, with a particular focus on…

The ABB Cylon FLXeon BACnet controller's /api/uukl.js module implements password verification and update mechanisms using the insecure MD5 hash function alongside weak salt generation via Math.random(). This constitutes a cryptographic vulnerability where password hashes are susceptible to collision and brute-force attacks due to MD5's known weaknesses and the low entropy of the salt. Specifically, in the verify() and change() functions, passwords are hashed using MD5 with predictable, non-cryptographically secure salts, then stored in plaintext-accessible files. This undermines the integrity of the authentication process, enabling attackers with file system access or knowledge of the implementation to precompute hash values or mount dictionary attacks.

The ABB Cylon FLXeon BACnet controller suffers from a configuration poisoning vulnerability in the put() function of bbmdList.js, where the writeFile() function is invoked to persist user-controlled data (req.body.bipList and req.body.natList) directly into sensitive configuration files (/etc/bdt.txt and /etc/bdt2.txt). This write operation lacks input validation and integrity checks allowing an attacker to supply crafted JSON payloads to inject or overwrite trusted BACnet BBMD entries. As these files are critical for network configuration, exploitation may result in unauthorized network redirection, denial of service, or insertion of rogue nodes into the system, thereby undermining the integrity and security of OT network communications.

The ABB Cylon FLXeon BACnet controller is vulnerable to a path traversal flaw in its capture.js endpoint due to unsanitized user input being directly concatenated into a filesystem path. An attacker can exploit this by supplying crafted file names to access arbitrary files outside the intended var/ directory. Additionally, the use of Fs.unlinkSync() after serving the file introduces a destructive impact, allowing attackers to delete system or application files.

The ABB Cylon FLXeon BACnet controller is vulnerable to authenticated file traversal via the /api/siteGuide endpoint. An attacker with valid credentials can manipulate the filename parameter to move and access or overwrite arbitrary files. The issue arises due to improper input validation in siteGuide.js, where user-supplied data is not properly sanitized, allowing directory traversal attacks.