#web

The scam is spreading across the US and impersonates the specific toll-collection services of each state in malicious SMS messages.

New cybersecurity research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud can expose sensitive credentials in build logs, posing significant risks to organizations. The vulnerability has been codenamed LeakyCLI by cloud security firm Orca. "Some commands on Azure CLI, AWS CLI, and Google Cloud CLI can expose sensitive information in

A threat actor claims to be in possession of 2.8 million records originating from a hack at Canadian retail chain Giant Tiger

By Deeba Ahmed Alarming social engineering attacks target critical open-source projects! Learn how to protect your project and the open-source community from takeovers. This is a post from HackRead.com Read the original post: OpenSSF Warns of Fake Maintainers Targeting JavaScript Projects

Cisco Talos would like to acknowledge Brandon White of Cisco Talos and Phillip Schafer, Mike Moran, and Becca Lynch of the Duo Security Research team for their research that led to the ,identification of these attacks. Cisco Talos is actively monitoring a global increase in brute-force attacks against a variety

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.8 ATTENTION: Low attack complexity Vendor: Measuresoft Equipment: ScadaPro Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate their privileges from unprivileged to SYSTEM privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ScadaPro, a supervisory control and data acquisition (SCADA) system, are affected: ScadaPro: version 6.9.0.0 3.2 Vulnerability Overview 3.2.1 IMPROPER ACCESS CONTROL CWE-284 The entire parent directory - C:\ScadaPro and its sub-directories and files are configured by default to allow user, including unprivileged users, to write or overwrite files. CVE-2024-3746 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N). A CVSS v4 score has also been calculated for CVE-2024-3746. A base score of 6.8 has been calculat...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Electrolink Equipment: FM/DAB/TV Transmitter Vulnerabilities: Authentication Bypass by Assumed-Immutable Data, Reliance on Cookies without Validation and Integrity Checking, Missing Authentication for Critical Function, Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to obtain full system access, keep the device from transmitting, escalate privileges, change credentials, and execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Electrolink transmitters are affected: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100W, 500W, 1kW, 2kW Compact FM Transmitter 3kW, 5kW, 10kW, 15kW, 20kW, 30kW Modular FM Transmitter 15W - 40kW Digital FM Transmitter BI, BIII VHF TV Tra...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix 5580, GuardLogix 5580, CompactLogix 5380, 1756-EN4TR Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a major nonrecoverable fault (MNRF) resulting in the product to become unavailable. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation ControlLogix and GuardLogix, programmable logic controllers, are affected: ControlLogix 5580: Version V35.011 GuardLogix 5580: Version V35.011 CompactLogix 5380: Version V35.011 1756-EN4TR: Version V5.001 3.2 Vulnerability Overview 3.2.1 IMPROPER INPUT VALIDATION CWE-20 A specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF). If exploited, the affected pr...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 3.3 ATTENTION: Low attack complexity Vendor: RoboDK Equipment: RoboDK Vulnerability: Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker crashing the program through heap-based buffer overflow. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of RoboDK, a robotics development software, are affected: RoboDK: RoboDK v5.5.4 (Windows 64 bit) 3.2 Vulnerability Overview 3.2.1 HEAP-BASED BUFFER OVERFLOW CWE-122 The affected product is vulnerable to heap-based buffer overflow while processing a specific project file. The resulting memory corruption may crash the application. CVE-2024-0257 has been assigned to this vulnerability. A CVSS v3 base score of 3.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCAT...

By Waqas Hacker "IntelBroker" claims to have breached Space-Eyes, a geospatial intelligence firm, exposing US national security data. Authorities investigate the claim that could impact sensitive government operations. This is a post from HackRead.com Read the original post: IntelBroker Claims Space-Eyes Breach, Targeting US National Security Data