Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

Harnessing AI for Proactive Threat Intelligence and Advanced Cyber Defense

Discover how AI revolutionizes cybersecurity with real-time threat detection, adaptive protection, and advanced data protection to combat evolving…

HackRead
Open in Source
#vulnerability#ios#mac#windows#ddos#dos#git#intel#auth#zero_day
Google Chrome AI extensions deliver info-stealing malware in broad attack

At least 36 Google Chrome extensions for AI and VPN tools have begun delivering info-stealing malware in a widespread attack.

ABB Cylon Aspect 3.08.02 (escDevicesUpdate.php) Off-by-One Config Write DoS

A vulnerability was identified in a PHP script where an off-by-one error in array access could lead to undefined behavior and potential DoS. The issue arises in a loop that iterates over an array using a < condition, allowing access to an out-of-bounds index. This can trigger errors or unexpected behavior when processing data, potentially crashing the application. Successful exploitation of this vulnerability can lead to a crash or disruption of service, especially if the script handles large data sets. This issue can be triggered via the rowCount POST parameter in the Electronic Security Control device update script.

ABB Cylon Aspect 3.08.02 (webServerUpdate.php) Input Validation Config Poisoning

The ABB BMS/BAS controller suffers from improper input validation on the port POST parameter in the webServerUpdate.php script. This input is not validated on the server side and relies on bypassable client-side checks using the inString.js script to verify that the port parameter contains only characters from the set (0123456789). Attackers can bypass these checks and supply arbitrary integer values. Exploitation of this issue can result in configuration poisoning, Denial of Service (DoS) through malformed configurations, or manipulation of server settings via Cross-Site Request Forgery (CSRF) combined with authentication bypass.

ABB Cylon Aspect 3.08.02 (bbmdUpdate.php) Remote Code Execution

The ABB Cylon Aspect BMS/BAS controller suffers from an authenticated blind command injection vulnerability. Input passed to several POST parameters is not properly sanitized when writing files, allowing attackers to execute arbitrary shell commands on the system. There is also an off-by-one error in array access that could lead to undefined behavior and potential DoS.

ABB Cylon Aspect 3.08.02 (uploadDb.php) Remote Code Execution

The ABB Cylon Aspect BMS/BAS controller suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the contents of an uploaded .db file, which is passed to the copyFile.sh script. Although the filename is sanitized, the contents of the .db file are not, allowing attackers to inject malicious commands that are executed on the server.

Massive breach at location data seller: &#8220;Millions&#8221; of users affected

Data broker Gravy Analytics that collects location data and sells it to the US government has been breached.