Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

Keep Tier-One Applications Out of Virtual Environments

Crafty bad actors can infect all of an organization's virtual machines at once, rendering tier-one applications useless.

DARKReading
Open in Source
#vulnerability#mac#git#intel#vmware#auth
Agentic AI in SOCs: A Solution to SOAR's Unfulfilled Promises

Security Orchestration, Automation, and Response (SOAR) was introduced with the promise of revolutionizing Security Operations Centers (SOCs) through automation, reducing manual workloads and enhancing efficiency. However, despite three generations of technology and 10 years of advancements, SOAR hasn’t fully delivered on its potential, leaving SOCs still grappling with many of the same

ChatGPT macOS Flaw Could've Enabled Long-Term Spyware via Memory Function

A now-patched security vulnerability in OpenAI's ChatGPT app for macOS could have made it possible for attackers to plant long-term persistent spyware into the artificial intelligence (AI) tool's memory. The technique, dubbed SpAIware, could be abused to facilitate "continuous data exfiltration of any information the user typed or responses received by ChatGPT, including any future chat sessions

Transportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport Malware

Transportation and logistics companies in North America are the target of a new phishing campaign that delivers a variety of information stealers and remote access trojans (RATs). The activity cluster, per Proofpoint, makes use of compromised legitimate email accounts belonging to transportation and shipping companies so as to inject malicious content into existing email conversations. As many

6 Cybersecurity Headaches Sports Organizations Have to Worry About

Leaders in professional athletics lament the realities and risks of growth in connected stadium environments, social networks, and legalized gambling.

Security Concerns Plague Emerging Chip Architecture

The RISC-V chip architecture is gaining popularity worldwide, but the fact that it is easy to modify the processor design means it is also easy to introduce hard-to-patch vulnerabilities in the chips.

Critical Automated Tank Gauge Bugs Threaten Critical Infrastructure

The security vulnerabilities could lead to everything from gas spills to operations data disclosure, affecting gas stations, airports, military bases, and other hypersensitive locations.

Harnessing the Power of Cloud App Development and DevOps for Modern Businesses

Leverage Cloud App Development and DevOps to boost business agility, scalability, and security. Optimize operations, deploy faster, and…

ABB Cylon Aspect 3.08.01 Remote Code Execution

ABB Cylon Aspect version 3.08.01 BMS/BAS controller suffers from a remote code execution vulnerability. The vulnerable uploadFile() function in bigUpload.php improperly reads raw POST data using the php://input wrapper without sufficient validation. This data is passed to the fwrite() function, allowing arbitrary file writes. Combined with an improper sanitization of file paths, this leads to directory traversal, allowing an attacker to upload malicious files to arbitrary locations. Once a malicious file is written to an executable directory, an authenticated attacker can trigger the file to execute code and gain unauthorized access to the building controller.

ABB Cylon Aspect 3.08.01 Arbitrary File Deletion

ABB Cylon Aspect version 3.08.01 MS/BAS controller suffers from an arbitrary file deletion vulnerability. Input passed to the file parameter in databasefiledelete.php is not properly sanitized before being used to delete files. This can be exploited by an unauthenticated attacker to delete files with the permissions of the web server using directory traversal sequences passed within the affected POST parameter.