#web

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: B&R Equipment: Automation Runtime Vulnerability: Use of a Broken or Risky Cryptographic Algorithm 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to masquerade as legitimate services on impacted devices. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS B&R reports that the following products are affected: B&R Automation Runtime: versions prior to 6.1 B&R mapp View: versions prior to 6.1 3.2 VULNERABILITY OVERVIEW 3.2.1 USE OF A BROKEN OR RISKY CRYPTOGRAPHIC ALGORITHM CWE-327 A "Use of a Broken or Risky Cryptographic Algorithm" vulnerability in the SSL/TLS component used in B&R Automation Runtime versions <6.1 and B&R mapp View versions <6.1 may be abused by unauthenticated network-based attackers to masquerade as legitimate services on impacted devices. CVE-2024-8603 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assi...

The firewall specialist has patched the security flaw, which was responsible for a series of attacks reported earlier this month that compromised FortiOS and FortiProxy products exposed to the public Internet.

Cisco Talos discovered an ongoing malicious campaign operated by a financially motivated threat actor targeting users, predominantly in Poland and Germany.

Subaru STARLINK flaw exposed a critical security vulnerability, enabling unauthorized access to vehicle tracking, remote control, and sensitive…

The popularity of the TF2 gaming and trading scene attracts scammers with phishing, fake trades, and malicious tools.…

One of the largest data breaches in history was apparently twice as impactful as previously thought, with PII belonging to hundreds of millions of people sitting in the hands of cybercriminals.

Amid ongoing fears over TikTok, Chinese generative AI platform DeepSeek says it’s sending heaps of US user data straight to its home country, potentially setting the stage for greater scrutiny.

Attackers aim to steal people's personal and payment-card data in the campaign, which dangles the threat of an undelivered package and has the potential to reach organizations in more than 50 countries.

About Authentication Bypass – FortiOS (CVE-2024-55591) vulnerability. A critical flaw allows remote attackers to gain super-admin privileges via crafted requests to the Node.js websocket module. Affected systems include Fortinet devices running FortiOS (e.g., FortiGate NGFW) and FortiProxy. 🔹 On January 10, Arctic Wolf reported attacks on Fortinet devices that began in November 2024. Attackers create […]

A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter.