Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

Treasury Dept. Sanctions Chinese Tech Vendor for Complicity

Integrity Technology Group was found complicit with Flax Typhoon as part of a broader Chinese strategy to infiltrate the IT systems of US critical infrastructure.

DARKReading
Open in Source
#intel#auth
Top Tips for Weather API Integration and Data Utilization

Integrate weather APIs to enhance your app with real-time data, forecasts, and personalized insights. Improve user experience while…

A New Dawn for Storytelling: The Intersection of AI and Cinema

Discover how AI (Artificial Intelligence) transforms storytelling in filmmaking with scriptwriting, casting, editing, and immersive viewer experiences. The…

ABB Cylon Aspect 3.08.03 (webServerDeviceLabelUpdate.php) File Write DoS

The ABB Cylon Aspect BMS/BAS controller suffers from an authenticated arbitrary content injection vulnerability in the webServerDeviceLabelUpdate.php script due to a lack of input validation. Authenticated attackers can exploit the 'deviceLabel' POST parameter to write arbitrary content to a fixed file location at /usr/local/aam/etc/deviceLabel, potentially causing a denial of service.

Why Small Businesses Can't Rely Solely on AI to Combat Threats

The growing complexity of cyber threats, paired with limited resources, makes it essential for companies to adopt a more comprehensive approach that combines human vigilance with AI's capabilities.

ABB Cylon Aspect 4.00.00 (factorySaved.php) Unauthenticated XSS

The ABB Cylon Aspect BMS/BAS controller suffers from an unauthenticated reflected cross-site scripting vulnerability in the 'title' GET parameter. Input is not properly sanitized before being returned to the user, allowing the execution of arbitrary HTML/JS code in a user's browser session in the context of the affected site. While the factory test scripts included in the upgrade bundle are typically deleted, a short window for exploitation exists when the device is in the manufacturing phase.

ABB Cylon Aspect 4.00.00 (factorySetSerialNum.php) Remote Code Execution

The ABB Cylon Aspect BMS/BAS controller suffers from an unauthenticated blind command injection vulnerability. Input passed to the serial and ManufactureDate POST parameters is not properly sanitized, allowing attackers to execute arbitrary shell commands on the system. While factory test scripts included in the upgrade bundle are typically deleted, a short window for exploitation exists when the device is in the manufacturing phase.

'Bad Likert Judge' Jailbreak Bypasses Guardrails of OpenAI, Other Top LLMs

A novel technique to stump artificial intelligence (AI) text-based systems increases the likelihood of a successful cyberattack by 60%.

Iranian and Russian Entities Sanctioned for Election Interference Using AI and Cyber Tactics

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Tuesday leveled sanctions against two entities in Iran and Russia for their attempts to interfere with the November 2024 presidential election. The federal agency said the entities – a subordinate organization of Iran's Islamic Revolutionary Guard Corps and a Moscow-based affiliate of Russia's Main Intelligence