Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes

Threat actors are actively exploiting critical vulnerabilities in OpenMetadata to gain unauthorized access to Kubernetes workloads and leverage them for cryptocurrency mining activity. That's according to the Microsoft Threat Intelligence team, which said the flaws have been weaponized since the start of April 2024. OpenMetadata is an open-source platform that operates as a

The Hacker News
Open in Source
#vulnerability#microsoft#kubernetes#intel#auth#The Hacker News
Open Source Tool Looks for Signals in Noisy AWS Cloud Logs

Permiso Security announced Cloud Console Cartographer during Black Hat Asia to help defenders look inside Amazon Web Services events logs for signs of cyberattacks.

Elber Wayber Analog/Digital Audio STL 4.00 Device Config

The device suffers from an unauthenticated device configuration and client-side hidden functionality disclosure.

Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass

The device suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables them to overwrite the password of any user within the system. This grants unauthorized and administrative access to protected areas of the application compromising the device's system security.

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Device Config

The device suffers from an unauthenticated device configuration and client-side hidden functionality disclosure.

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Authentication Bypass

The device suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables them to overwrite the password of any user within the system. This grants unauthorized and administrative access to protected areas of the application compromising the device's system security.

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Device Config

The device suffers from an unauthenticated device configuration and client-side hidden functionality disclosure.

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Authentication Bypass

The device suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables them to overwrite the password of any user within the system. This grants unauthorized and administrative access to protected areas of the application compromising the device's system security.

Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Device Config

The device suffers from an unauthenticated device configuration and client-side hidden functionality disclosure.

Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Authentication Bypass

The device suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables them to overwrite the password of any user within the system. This grants unauthorized and administrative access to protected areas of the application compromising the device's system security.