#zero_day

A balance of rigorous supplier validation, purposeful data exposure, and meticulous preparation is key to managing and mitigating risk.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DTM Soft Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Delta Electronics products are affected: DTM Soft: Versions 1.30 and prior 3.2 Vulnerability Overview 3.2.1 DESERIALIZATION OF UNTRUSTED DATA CWE-502 The affected product deserializes objects, which could allow an attacker to execute arbitrary code. CVE-2024-12677 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2024-12677. A base score of 8.5 has been calculated; the CVSS vector string is (CVSS4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE S...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Tibbo Equipment: AggreGate Network Manager Vulnerability: Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve code execution on the affected device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Tibbo products are affected: Aggregate Network Manager: Versions 6.34.02 and prior 3.2 Vulnerability Overview 3.2.1 Unrestricted Upload of File with Dangerous Type CWE-434 There is an unrestricted file upload vulnerability where it is possible for an authenticated user (low privileged) to upload an jsp shell and execute code with the privileges of user running the web server. CVE-2024-12700 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated f...

SUMMARY Datadog Security Labs’ cybersecurity researchers have discovered a new, malicious year-long campaign from a threat actor identified…

Artificial intelligence capabilities are coming to a desktop near you — with Microsoft 365 Copilot, Google Gemini with Project Jarvis, and Apple Intelligence all arriving (or having arrived). But what are the risks?

SUMMARY The Cl0p ransomware group has recently claimed responsibility for exploiting a critical vulnerability in Cleo’s managed file…

Find out the key security risks of firmware security: Identify threats, and learn best practices and protection methods…

Plus: The US indicts North Koreans in fake IT worker scheme, file-sharing firm Cleo warns customers to patch a vulnerability amid live attacks, and more.

Defenders running the Cleo managed file transfer are urged to be on the lookout for the Cleopatra backdoor and other indicators of an ongoing ransomware campaign, as patching details remain foggy, and no CVE has been issued.