Latest News

Ubuntu Security Notice 7118-1 - It was discovered that ZBar did not properly handle certain QR codes. If a user or automated system using ZBar were tricked into opening a specially crafted file, an attacker could possibly use this to obtain sensitive information. It was discovered that ZBar did not properly handle certain QR codes. If a user or automated system using ZBar were tricked into opening a specially crafted file, an attacker could possibly use this to obtain sensitive information. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.

Ubuntu Security Notice 7091-2 - USN-7091-1 fixed several vulnerabilities in Ruby. This update provides the corresponding update for ruby2.7 in Ubuntu 20.04 LTS. It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value using REXML gem. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service. This issue only affected in Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. It was discovered that Ruby incorrectly handled parsing of an XML document that has many entity expansions with SAX2 or pull parser API. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service. It was discovered that Ruby incorrectly handled parsing of an XML document that has many digits in a hex numeric character reference. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service.

The future of cybersecurity isn't about preventing every breach — it's about learning and growing stronger with each attack.

When a cybersecurity incident occurs, it's not just IT systems and data that are at risk — a company's reputation is on the line, too.

Choosing the best on-ramp and off-ramp solutions is a key part of navigating the cryptocurrency landscape – to…

Privileged access management (PAM) plays a pivotal role in building a strong security strategy. PAM empowers you to significantly reduce cybersecurity risks, gain tighter control over privileged access, achieve regulatory compliance, and reduce the burden on your IT team.  As an established provider of a PAM solution, we’ve witnessed firsthand how PAM transforms organizational security. In

Threat actors with ties to the Democratic People's Republic of Korea (DPRK) are impersonating U.S.-based software and technology consulting businesses in order to further their financial objectives as part of a broader information technology (IT) worker scheme. "Front companies, often based in China, Russia, Southeast Asia, and Africa, play a key role in masking the workers' true origins and

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION: Low attack complexity Vendor: CODESYS GmbH Equipment: OSCAT Basic Library Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability allows an local, unprivileged attacker to access limited internal data of the PLC, which may lead to a crash of the affected service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions CODESYS OSCAT, are affected: CODESYS OSCAT Basic Library: Version 3.3.5.0 oscat.de OSCAT Basic Library: Versions 3.3.5 and prior oscat.de OSCAT Basic Library: Versions 335 and prior 3.2 Vulnerability Overview 3.2.1 OUT-OF-BOUNDS READ CWE-125 The affected product is vulnerable to an out-of-bounds read in the OSCAT Basic Library, which allows a local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service. CVE-2024-6876 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.1 has been calculated;...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Automated Logic Equipment: WebCTRL Premium Server Vulnerabilities: Unrestricted Upload of File with Dangerous Type, URL Redirection to Untrusted Site ('Open Redirect') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated remote attacker to execute arbitrary commands on the server hosting WebCTRL or redirect legitimate users to malicious sites. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Automated Logic products are affected: Automated Logic WebCTRL® Server : Version 7.0 Carrier i-Vu: Version 7.0 Automated Logic SiteScan Web: Version 7.0 Automated Logic WebCTRL for OEMs: Version 7.0 3.2 Vulnerability Overview 3.2.1 UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434 A vulnerability in Automated Logic WebCTRL 7.0 allows an unauthenticated user to upload files of dangerous types without restrictions, which could lead to re...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.7 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: Modicon M340, MC80, and Momentum Unity M1E Vulnerabilities: Improper Enforcement of Message Integrity During Transmission in a Communication Channel, Authentication Bypass by Spoofing 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to retrieve password hashes or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Schneider Electric Modicon M340, MC80, and Momentum Unity M1E are affected: Modicon M340 CPU (part numbers BMXP34*): All versions (CVE-2024-8933) Modicon M340 CPU (part numbers BMXP34*): versions after SV3.60 (CVE-2024-8935) Modicon MC80 (part numbers BMKC80): All versions (CVE-2024-8933) Modicon Momentum Unity M1E Processor (171CBU*): All versions (CVE-2024-8933) 3.2 Vulnerability Overview 3.2.1 Improper Enforcement of Message Integrity During Transmission in a Communi...