#auth

Hazel discusses Interpol’s push to rename pig butchering scams as ‘romance baiting’. Plus, catch up on the latest vulnerability research from Talos, and why a recent discovery is a “rare industry win”.

A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by filling the Node's disk.

**Summary / Details** Systems running the Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0 through 4.0.16-1.0.0 and 4.1.0-1.0.0 through 4.1.8-1.0.0, installed into Apache Cassandra version 4.x, are susceptible to a vulnerability which when successfully exploited could allow authenticated Cassandra users to remotely bypass RBAC to access data and and escalate their privileges. **Affected Versions** - Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0 through 4.0.16-1.0.0 - versions 4.1.0-1.0.0 through 4.1.8-1.0.0 when installed into Apache Cassandra version 4.x. **Required Configuration for Exploit** These are the conditions required to enable exploit: 1. Cassandra 4.x 2. Vulnerable version of the Cassandra-Lucene-Index plugin configured for use 3. Data added to tables 4. Lucene index created 5. Cassandra flush has run **Mitigation/Prevention** Mitigation requires dropping all Lucene indexes and stopping use of the plugin. Exploit will be possibl...

A flaw was found in Quarkus REST that allows request parameters to leak between concurrent requests if endpoints use field injection without a CDI scope. This vulnerability allows attackers to manipulate request data, impersonate users, or access sensitive information.

User sessions on ABB Cylon FLXeon controllers remain active for up to seven days, even after a client-side logout. Clicking "Log Out" does not properly revoke the session on the server, allowing attackers with access to stolen session tokens to maintain unauthorized access. This increases the risk of session hijacking and privilege abuse.

An authenticated attacker can access sensitive information via the system logs page of ABB Cylon FLXeon controllers. The logs expose critical data, including the OpenSSL password for stored certificates. This information can be leveraged for further attacks, such as decrypting encrypted communications, impersonation, or gaining deeper system access.

New Astaroth Phishing Kit bypasses 2FA (two-factor authentication) to steal Gmail, Yahoo and Microsoft login credentials using a…

Super-admin access vulnerability discovered in FortiOS Security Fabric. Exploitation could lead to widespread network breaches. Update now. Fortinet has…

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: mySCADA Equipment: myPRO Manager Vulnerabilities: OS Command Injection, Missing Authentication for Critical Function, Cleartext Storage of Sensitive Information, Cross-Site Request Forgery (CSRF) 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary OS commands, upload files, and obtain sensitive information without providing associated credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following mySCADA products are affected: myPRO Manager: Versions prior to 1.4 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS Command ('OS COMMAND INJECTION') CWE-78 The affected product is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands. CVE-2025-25067 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIPROTEC 5 Vulnerability: Active Debug Code 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker with physical access to an affected device to execute arbitrary commands on the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens SIPROTEC 5 7SK85 (CP300): All versions prior to V9.90 Siemens SIPROTEC 5 7SJ81 (CP100): All versions Siemens SIPROTEC 5 7SL86 (CP300): All versions prior to V9.90 Siemens SIPROTEC 5 7SL86 (CP200): All versions Siemens SIPROTEC 5 7SJ86 (...