
Tag

#intel

ABB Cylon FLXeon 9.3.4 Default Credentials

The ABB Cylon FLXeon BACnet controller uses a weak set of default administrative credentials that can be guessed in remote password attacks, allowing an attacker to gain full control of the system.

Zero Science Lab
ABB Cylon FLXeon 9.3.4 (cert.js) System Logs Information Disclosure

An authenticated attacker can access sensitive information via the system logs page of ABB Cylon FLXeon controllers. The logs expose critical data, including the OpenSSL password for stored certificates. This information can be leveraged for further attacks, such as decrypting encrypted communications, impersonation, or gaining deeper system access.

Siemens Opcenter Intelligence

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

1. EXECUTIVE SUMMARY

CVSS v4 9.4
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: Opcenter Intelligence
Vulnerabilities: Improper Authentication, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Deserialization of Untrusted Data, Insertion of Sensitive Information into Log File, Server-Side Request Forgery (SSRF)

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could enable an attacker to execute remote code or allow a malicious site administrator to change passwords for users.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Siemens reports that the following products are affected: Siemens O...

AI and Security - A New Puzzle to Figure Out

AI is everywhere now, transforming how businesses operate and how users engage with apps, devices, and services. A lot of applications now have some Artificial Intelligence inside, whether supporting a chat interface, intelligently analyzing data or matching user preferences. No question AI benefits users, but it also brings new security challenges, especially Identity-related security

Japan Goes on Offense With New 'Active Cyber Defense' Bill

Japan is on a mission to catch up to the US standard of national cyber preparedness, and its new legislation is a measure intended to stop escalating Chinese cyber-espionage efforts, experts say.

President Trump to Nominate Former RNC Official as National Cyber Director

Sean Cairncross will be one of the primary advisers to the administration on national cybersecurity matters.

Content Credentials Technology Verifies Image, Video Authenticity

The open technology, which tackles disinformation, has gained steam in the past year, surpassing 500 corporate members and continuing to evolve.

Feds Sanction Russian Hosting Provider for Supporting LockBit Attacks

US, UK, and Australian law enforcement have targeted a company called Zservers (and two of its administrators) for providing bulletproof hosting services to the infamous ransomware gang.

Microsoft: Russia's Sandworm APT Exploits Edge Bugs Globally

Sandworm (aka Seashell Blizzard) has an initial access wing called "BadPilot" that uses standard intrusion tactics to spread Russia's tendrils around the world.