Latest News

### Impact Npm users of PUC 1.17.3 or PUC latest were briefly affected by crypto-related malware detailed in the blog post below. This includes the extremely popular jsdelivr hosting of this file. ### Patches We unpublished the version on npm. ### Workarounds This has already been unpublished. See Prebid.js 9 release notes for suggestions on moving off the deprecated workflow of using the PUC or pointing to a dynamic version of it. PUC users pointing to latest should transition to 1.17.2 ASAP to avoid similar attacks in the future. ### References https://www.sonatype.com/blog/npm-chalk-and-debug-packages-hit-in-software-supply-chain-attack

### Impact NPM users of prebid 10.9.2. The malicious code attempts to redirect crypto transactions on the site to the attackers' wallet. ### Patches 10.10.0 is solved ### References https://www.sonatype.com/blog/npm-chalk-and-debug-packages-hit-in-software-supply-chain-attack

Alongside new iPhones, Apple released a new security architecture on Tuesday: Memory Integrity Enforcement aims to eliminate the most frequently exploited class of iOS bugs.

LNER cyber attack exposes passenger contact details and journey data. No financial information or passwords were taken, but…

Several AI chatbot apps are leaking user data for several reasons, but mostly because security is an afterthought.

Many state departments are warning about scam text messages targeting motorists. Here's how you can recognize them.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M340, BMXNOE0100, and BMXNOE0110 Vulnerability: Files or Directories Accessible to External Parties 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to prevent firmware updates and disrupt the webserver's proper behavior by removing specific files or directories from the filesystem. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following products are affected: Modicon M340: All versions Modbus/TCP Ethernet Modicon M340 module: Versions prior to SV3.60 Modbus/TCP Ethernet Modicon M340 FactoryCast module: Versions prior to SV6.80 3.2 VULNERABILITY OVERVIEW 3.2.1 FILES OR DIRECTORIES ACCESSIBLE TO EXTERNAL PARTIES CWE-552 A Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behavior of ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 2.3 ATTENTION: Exploitable from adjacent network Vendor: Siemens Equipment: SINEC OS Vulnerabilities: Uncontrolled Resource Consumption, Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to access non-sensitive information without authentication or potentially cause a temporary denial of service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens RUGGEDCOM RST2428P (6GK6242-6PA00): All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 UNCONTROLLED RESOURCE CONSUMPTION CWE-400 The affected d...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: User Management Component (UMC) Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens SIMATIC PCS neo V4.1: All versions Siemens SIMATIC PCS neo V5.0: All versions Siemens User Management Component (UMC): Versions prior to 2.15.1.3 3.2 VULNERABILITY OVERVIE...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Industrial Edge Management OS (IEM-OS) Vulnerability: Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Industrial Edge Management OS (IEM-OS): All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 ALLOCATION OF RESOURCES WITHOUT LIMITS OR THROTTLING CWE-770 Allocation of resources for multipart headers with insufficient limits ...