Security
Headlines
HeadlinesLatestCVEs

Tag

#ssl

Flowmon Unauthenticated Command Injection

This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before v12.03.02.

Packet Storm
#vulnerability#web#linux#git#xpath#pdf#auth#ssl
Siemens CP-XXXX Series Exposed Serial Shell

Siemens CP-XXXX Series (CP-2014, CP-2016, CP-2017, CP-2019, CP-5014) expose serial shells on multiple PLCs. A serial interface can be accessed with physical access to the PCB. After connecting to the interface, access to a shell with various debug functions as well as a login prompt is possible. The hardware is no longer produced nor offered to the market.

Fake Antivirus Sites Spread Malware Disguised as Avast, Malwarebytes, Bitdefender

By Deeba Ahmed Trellix research exposes the dangers of fake antivirus websites disguised as legitimate security software but harbouring malware. Learn… This is a post from HackRead.com Read the original post: Fake Antivirus Sites Spread Malware Disguised as Avast, Malwarebytes, Bitdefender

Fake Antivirus Sites Spread Malware Disguised as Avast, Malwarebytes, Bitdefender

By Deeba Ahmed Trellix research exposes the dangers of fake antivirus websites disguised as legitimate security software but harbouring malware. Learn… This is a post from HackRead.com Read the original post: Fake Antivirus Sites Spread Malware Disguised as Avast, Malwarebytes, Bitdefender

Essential Features of Cybersecurity Management Software for MSPs

By Uzair Amir Protect your clients’ businesses from cyber threats with Cybersecurity Management Software. Explore the unified control panel, real-time threat… This is a post from HackRead.com Read the original post: Essential Features of Cybersecurity Management Software for MSPs

4BRO Insecure Direct Object Reference / API Information Exposure

4BRO versions prior to 2024-04-17 suffer from insecure direct object reference and API information disclosure vulnerabilities.

Red Hat Security Advisory 2024-3352-03

Red Hat Security Advisory 2024-3352-03 - An update for etcd is now available for Red Hat OpenStack Platform 16.2. Issues addressed include a denial of service vulnerability.

GHSA-87pf-7x99-5xc4: Silverstripe Hostname, IP and Protocol Spoofing through HTTP Headers

In it's default configuration, SilverStripe trusts all originating IPs to include HTTP headers for Hostname, IP and Protocol. This enables reverse proxies to forward requests while still retaining the original request information. Trusted IPs can be limited via the SS_TRUSTED_PROXY_IPS constant. Even with this restriction in place, SilverStripe trusts a variety of HTTP headers due to different proxy notations (e.g. X-Forwarded-For vs. Client-IP). Unless a proxy explicitly unsets invalid HTTP headers from connecting clients, this can lead to spoofing requests being passed through trusted proxies. The impact of spoofed headers can include Director::forceSSL() not being enforced, SS_HTTPRequest->getIP() returning a wrong IP (disabling any IP restrictions), and spoofed hostnames circumventing any hostname-specific restrictions enforced in SilverStripe Controllers. Regardless on running a reverse proxy in your hosting infrastructure, please follow the instructions on Secure Coding: Reques...

He Trained Cops to Fight Crypto Crime—and Allegedly Ran a $100M Dark-Web Drug Market

The strange journey of Lin Rui-siang, the 23-year-old accused of running the Incognito black market, extorting his own site’s users—and then refashioning himself as a legit crypto crime expert.

New Bitcoin Token Protocol “Runes” Carries Potential Phishing Risk

By Owais Sultan Is the innovative Runes protocol on Bitcoin a cybersecurity concern waiting to happen? Cybersecurity experts at Resonance Security… This is a post from HackRead.com Read the original post: New Bitcoin Token Protocol “Runes” Carries Potential Phishing Risk