Security

Tag

#amazon

Siemens Third-Party Components in SINEC OS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

1. EXECUTIVE SUMMARY

CVSS v3 9.1
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: Third-Party Components in SINEC OS
Vulnerabilities: Improper Input Validation, Use After Free, Out-of-bounds Read, Incorrect Check of Function Return Value, Incorrect Comparison, Improper Control of Resource Identifiers ('Resource Injection'), Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'), NULL Pointer Dereference, Excessive Platform Resource Consumption within a Loop, Allocation of Resources Without Limits or Throttling, Improper Restriction of Operations within the Bounds of a Memory Buffer, Buffer Copy with...

us-cert
Fake Minecraft Installer Spreads NjRat Spyware to Steal Data

Fake Minecraft clone Eaglercraft 1.12 Offline spreads NjRat spyware stealing passwords, spying via webcam and microphone, warns Point…

That “Amazon Safety Recall” message may well be a scam

Scammers are using the age-old tactic of scaring victims into clicking by sending out fake product recall messages from Amazon.

Online portal exposed car and personal data, allowed anyone to remotely unlock cars

A carmaker has been found to be open to leaking vehicle data and customer information through their dealership portal.

Privilege Escalation Issue in Amazon ECS Leads to IAM Hijacking

A software developer discovered a way to abuse an undocumented protocol in Amazon's Elastic Container Service to escalate privileges, cross boundaries and gain access to other cloud resources.

Researchers Uncover ECScape Flaw in Amazon ECS Enabling Cross-Task Credential Theft

Cybersecurity researchers have demonstrated an "end-to-end privilege escalation chain" in Amazon Elastic Container Service (ECS) that could be exploited by an attacker to conduct lateral movement, access sensitive data, and seize control of the cloud environment. The attack technique has been codenamed ECScape by Sweet Security researcher Naor Haziz, who presented the findings today at the

Everest Ransomware Claims Mailchimp as New Victim in Relatively Small Breach

Everest ransomware claims Mailchimp breach, leaks 943,000 lines of data. While limited in size, it adds to a spike in global ransomware activity this July.

Trump Administration and Big Tech want you to share your health data

The Trump Administration is working with 60 companies on a plan to have Americans voluntarily upload their healthcare and medical data.

Hacker Added Prompt to Amazon Q to Erase Files and Cloud Data

A hacker injected a malicious prompt into Amazon Q via GitHub, aiming to delete user files and wipe AWS data, exposing a major security flaw.

Can Security Culture Be Taught? AWS Says Yes

Newly appointed Amazon Web Services CISO Amy Herzog believes security culture goes beyond frameworks and executive structures. Having the right philosophy throughout the organization is key.