Tag
#web
By Cyber Newswire. Center Identity, a pioneering cybersecurity company, is excited to unveil its patented secret location authentication, reshaping how businesses… This is a post from HackRead.com. Read the original post: Center Identity Launches Patented Passwordless Authentication for Businesses
Cybercriminals are using AI to impersonate small businesses. Security architects are using it to help small businesses fight back.
Cisco Talos discovered a new threat actor we’re calling “CoralRaider” that we believe is of Vietnamese origin and financially motivated. CoralRaider has been operating since at least 2023, targeting victims in several Asian and Southeast Asian countries.
1. EXECUTIVE SUMMARY
CVSS v4 6.9
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Hitachi Energy
Equipment: Asset Suite 9
Vulnerability: Improper Authentication
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to use an authentication anomaly to successfully invoke the REST service.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Hitachi Energy's Asset Suite, an enterprise asset management tool, are affected:
Asset Suite: Versions prior to 9.6.3.13
Asset Suite: Versions prior to 9.6.4.1
3.2 Vulnerability Overview
3.2.1 IMPROPER AUTHENTICATION CWE-287
REST service authentication anomaly with "valid username/no password" credential combination for batch job processing may result in successful service invocation. The anomaly doesn't exist with other credential combinations.
CVE-2024-2244 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (A...
1. EXECUTIVE SUMMARY
CVSS v4 5.9
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Schweitzer Engineering Laboratories
Equipment: SEL 700 series relays
Vulnerability: Inclusion of Undocumented Features
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to make modifications or cause a denial-of-service condition.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Schweitzer Engineering Laboratories products are affected:
SEL-700BT Motor Bus Transfer Relay: R301-V0 up to but not including R301-V6
SEL-700BT Motor Bus Transfer Relay: R302-V0 up to but not including R302-V1
SEL-700G Generator Protection Relay: R100-V0 up to but not including R301-V6
SEL-700G Generator Protection Relay: R302-V0 up to but not including R302-V1
SEL-710-5 Motor Protection Relay: R100-V0 up to but not including R302-V1
SEL-751 Feeder Protection Relay: R101-V0 up to but not including R302-V3
SEL-751 Feeder Protection Relay: R400-V0 up to but not i...
New research has found that the CONTINUATION frame in the HTTP/2 protocol can be exploited to conduct denial-of-service (DoS) attacks. The technique has been codenamed HTTP/2 CONTINUATION Flood by security researcher Bartek Nowotarski, who reported the issue to the CERT Coordination Center (CERT/CC) on January 25, 2024. "Many HTTP/2 implementations do not properly limit or sanitize the
As “P4x,” Alejandro Caceres single-handedly disrupted the internet of an entire country. Then he tried to show the US military how it can—and should—adopt his methods.
**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.
Nearly three months after Operation Cronos, it's clear the gang is not bouncing back from the innovative law-enforcement action. RaaS operators are on notice, and businesses should pay attention.