Security Headlines

Tag: #ios
Siemens RUGGEDCOM APE1808 with Fortigate NGFW Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

1. EXECUTIVE SUMMARY

CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: RUGGEDCOM APE1808 devices
Vulnerabilities: Improper Certificate Validation, Cleartext Transmission of Sensitive Information, Path Traversal, Exposure of Sensitive Information to an Unauthorized Actor, Cross-site Scripting, Permissive List of Allowed Inputs, Relative Path Traversal, Improper Restriction of Excessive Authentication Attempts, Use of Externally-Controlled Format String, Access of Uninitialized Pointer, Out-of-bounds Write, Open Redirect, Improper Input Validation, Insertion of Sensitive Information into Log File, Heap-based Buffer Overflow, ...

us-cert
ThreatDown achieves perfect score in latest AVLab assessment

ThreatDown has earned a perfect score in the AVLabs test for the eleventh consecutive quarter.

GHSA-pr2m-px7j-xg65: aiosmtpd vulnerable to SMTP smuggling

### Summary

aiosmtpd is vulnerable to inbound SMTP smuggling. SMTP smuggling is a novel vulnerability based on not so novel interpretation differences of the SMTP protocol. By exploiting SMTP smuggling, an attacker may smuggle/spoof e-mails with fake sender addresses, allowing advanced phishing attacks. This issue also existed in other SMTP software like Postfix (https://www.postfix.org/smtp-smuggling.html).

### Details

Detailed information on SMTP smuggling can be found in the full blog post (https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/) or on the Postfix homepage (https://www.postfix.org/smtp-smuggling.html) (and soon on the official website https://smtpsmuggling.com/).

### Impact

With the right SMTP server constellation, an attacker can send spoofed e-mails to inbound/receiving aiosmtpd instances.

Microsoft Patch Tuesday March 2024 includes critical Hyper-V flaws

Microsoft patched 61 vulnerabilities in the March 2024 Patch Tuesday round, including two critical flaws in Hyper-V.

Patch Tuesday, March 2024 Edition

Apple and Microsoft recently released software updates to fix dozens of security holes in their operating systems. Microsoft today patched at least 60 vulnerabilities in its Windows OS. Meanwhile, Apple's new macOS Sonoma addresses at least 68 security weaknesses, and its latest updates for iOS fix two zero-day flaws.

FakeUpdates Malware Campaign Targets WordPress – Millions of Sites at Risk

By Waqas. The February 2024 Global Threat Index report released by Check Point Software Technologies Ltd. exposes the alarming vulnerability of cybersecurity worldwide. This is a post from HackRead.com.

GHSA-mq4x-r2w3-j7mr: Account Takeover via Session Fixation in Zitadel [Bypassing MFA]

### Impact

ZITADEL uses a cookie to identify the user agent (browser) and its user sessions. Although the cookie was handled according to best practices, it was accessible on subdomains of the ZITADEL instance. An attacker could take advantage of this and provide a malicious link hosted on the subdomain to the user to gain access to the victim's account in certain scenarios. A possible victim would need to log in through the malicious link for this exploit to work. If the possible victim already had the cookie present, the attack would not succeed. The attack would further only be possible if there was an initial vulnerability on the subdomain. This could either be the attacker being able to control DNS or an XSS vulnerability in an application hosted on a subdomain.

### Patches

2.x versions are fixed on >= [2.46.0](https://github.com/zitadel/zitadel/releases/tag/v2.46.0)
2.45.x versions are fixed on >= [2.45.1](https://github.com/zitadel/zitadel/releases/tag/v2.45.1)
2.44.x versio...

Confidential Containers for Financial Services on Public Cloud

Public clouds provide geo resilience in addition to being cost-effective when compared to on-premise deployments. Regulated industries such as the Financial Services Industry (FSI) traditionally have been unable to take advantage of public clouds since FSI is highly regulated from a security and resiliency standpoint. Confidential computing (CC) and specifically confidential containers (CoCo) in the cloud provide data protection and integrity capabilities, facilitating the migration of financial workloads to the cloud. In this blog we will look at the Financial Services Industry and how it can d

Apple Tech Must Haves For Digital Nomads

By Owais Sultan. In today's era of remote work and travel, having the right technology can make all the difference for… This is a post from HackRead.com.