Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

Security Concerns Plague Emerging Chip Architecture

The RISC-V chip architecture is gaining popularity worldwide, but the fact that it is easy to modify the processor design means it is also easy to introduce hard-to-patch vulnerabilities in the chips.

DARKReading
#vulnerability#mac#google#microsoft#git#intel#backdoor#perl#amd#alibaba#auth
Critical Automated Tank Gauge Bugs Threaten Critical Infrastructure

The security vulnerabilities could lead to everything from gas spills to operations data disclosure, affecting gas stations, airports, military bases, and other hypersensitive locations.

Harnessing the Power of Cloud App Development and DevOps for Modern Businesses

Leverage Cloud App Development and DevOps to boost business agility, scalability, and security. Optimize operations, deploy faster, and…

ABB Cylon Aspect 3.08.01 Remote Code Execution

ABB Cylon Aspect version 3.08.01 BMS/BAS controller suffers from a remote code execution vulnerability. The vulnerable uploadFile() function in bigUpload.php improperly reads raw POST data using the php://input wrapper without sufficient validation. This data is passed to the fwrite() function, allowing arbitrary file writes. Combined with an improper sanitization of file paths, this leads to directory traversal, allowing an attacker to upload malicious files to arbitrary locations. Once a malicious file is written to an executable directory, an authenticated attacker can trigger the file to execute code and gain unauthorized access to the building controller.

ABB Cylon Aspect 3.08.01 Arbitrary File Deletion

ABB Cylon Aspect version 3.08.01 MS/BAS controller suffers from an arbitrary file deletion vulnerability. Input passed to the file parameter in databasefiledelete.php is not properly sanitized before being used to delete files. This can be exploited by an unauthenticated attacker to delete files with the permissions of the web server using directory traversal sequences passed within the affected POST parameter.

Managing Cyber-Risk Is No Different Than Managing Any Business Risk

A sound cyber-risk management strategy analyzes all the business impacts that may stem from an attack and estimates the related costs of mitigation versus the costs of not taking action.

Russia-Backed Media Outlets Are Under Fire in the US—but Still Trusted Worldwide

The US government says outlets like RT work closely with Russian intelligence, and platforms have removed or banned their content. But they’re still influential all around the world.

The SSPM Justification Kit

SaaS applications contain a wealth of sensitive data and are central to business operations. Despite this, far too many organizations rely on half measures and hope their SaaS stack will remain secure. Unfortunately, this approach is lacking and will leave security teams blind to threat prevention and detection, as well as open to regulatory violations, data leaks, and significant breaches. If

RomCom Malware Resurfaces With SnipBot Variant

The latest version of the evolving threat is a multistage attack demonstrating a move away from ransomware to purely espionage activities, typically targeting Ukraine and its supporters.

Meet UNC1860: Iran's Low-Key Access Broker for State Hackers

The group has used more than 30 custom tools to target high-value government and telecommunications organizations on behalf of Iranian intelligence services, researchers say.