Tag

#intel

U.S. Sanctions Chinese Cybersecurity Firm Over Cyberattacks

US sanctions Beijing-based Integrity Technology Group for aiding “Flax Typhoon” hackers in cyberattacks on American infrastructure, freezing assets…

HackRead
#linux #intel
ABB Cylon Aspect 3.08.02 (CookieDB) SQL Injection

The ABB BMS/BAS controller suffers from an SQL injection through the key and user parameters. These inputs are not properly sanitized and do not utilize stored procedures, allowing attackers to manipulate SQL queries and potentially gain unauthorized access to the database or execute arbitrary SQL commands.

ABB Cylon Aspect 3.07.02 (userManagement.php) Weak Password Policy

The ABB BMS/BAS controller suffers from a weak password policy, allowing users to set overly simplistic or blank passwords and usernames without restrictions. This vulnerability significantly reduces account security, enabling attackers to exploit weak credentials for unauthorized access to the system.

ABB Cylon Aspect 3.08.03 (CookieDB) SQL Injection

The ABB BMS/BAS controller suffers from an SQL injection through the key and user parameters. These inputs are not properly sanitized and do not utilize stored procedures, allowing attackers to manipulate SQL queries and potentially gain unauthorized access to the database or execute arbitrary SQL commands.

ABB Cylon Aspect 3.08.02 Cookie User Password Disclosure

The application suffers from cleartext transmission and storage of sensitive information in a Cookie. This includes the globals parameter, where authdata contains base64-encoded credentials. A remote attacker can intercept the HTTP Cookie, including authentication credentials, through a man-in-the-middle attack, potentially compromising user accounts and sensitive data.

ABB Cylon Aspect 3.08.03 (MapServicesHandler) Authenticated Reflected XSS

The ABB BMS/BAS controller suffers from an authenticated reflected cross-site scripting vulnerability. Input passed to the GET parameters 'name' and 'id' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in the context of an affected site.

ABB Cylon Aspect 3.08.03 Hard-coded Secrets

The ABB Cylon Aspect BMS/BAS controller contains multiple instances of hard-coded credentials, including usernames, passwords, and encryption keys embedded in various Java classes. This practice poses significant security risks, allowing attackers to gain unauthorized access and compromise the system's integrity.

Will AI Code Generators Overcome Their Insecurities This Year?

In just two years, LLMs have become standard for developers — and non-developers — to generate code, but companies still need to improve security processes to reduce software vulnerabilities.

6 Reasons Why You Should Integrate AI in Your Business in 2025

AI is now essential for businesses, driving efficiency, innovation, and growth. Leverage its power for better decisions, customer…

Some weeks in security (December 16 – January 5)

A list of topics we covered in the weeks of December 16 to January 5 of 2025