Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

Is Your EV Charging Station Safe? New Security Vulnerabilities Uncovered

Two new security weaknesses discovered in several electric vehicle (EV) charging systems could be exploited to remotely shut down charging stations and even expose them to data and energy theft. The findings, which come from Israel-based SaiFlow, once again demonstrate the potential risks facing the EV charging infrastructure. The issues have been identified in version 1.6J of the Open Charge

The Hacker News
Open in Source
#vulnerability#web#ios#ddos#dos#auth#sap#The Hacker News
Post-Macro World Sees Rise in Microsoft OneNote Documents Delivering Malware

In a continuing sign that threat actors are adapting well to a post-macro world, it has emerged that the use of Microsoft OneNote documents to deliver malware via phishing attacks is on the rise. Some of the notable malware families that are being distributed using this method include AsyncRAT, RedLine Stealer, Agent Tesla, DOUBLEBACK, Quasar RAT, XWorm, Qakbot, BATLOADER, and FormBook.

Atlassian's Jira Software Found Vulnerable to Critical Authentication Vulnerability

Atlassian has released fixes to resolve a critical security flaw in Jira Service Management Server and Data Center that could be abused by an attacker to pass off as another user and gain unauthorized access to susceptible instances. The vulnerability is tracked as CVE-2023-22501 (CVSS score: 9.4) and has been described as a case of broken authentication with low attack complexity. "An

New High-Severity Vulnerabilities Discovered in Cisco IOx and F5 BIG-IP Products

F5 has warned of a high-severity flaw impacting BIG-IP appliances that could lead to denial-of-service (DoS) or arbitrary code execution. The issue is rooted in the iControl Simple Object Access Protocol (SOAP) interface and affects the following versions of BIG-IP - 13.1.5 14.1.4.6 - 14.1.5 15.1.5.1 - 15.1.8 16.1.2.2 - 16.1.3, and 17.0.0 "A format string vulnerability exists in iControl SOAP

Cyberattack on Fintech Firm Disrupts Derivatives Trading Globally

The Russia-linked LockBit ransomware group claims to be behind the attack that fouled automated transactions for dozens of clients of financial technology firm ION Group.

Content Delivery Network (CDN) FAQs

By Owais Sultan What is a CDN? How can businesses benefit from a CDN? and What to look for in a CDN provider? This is a post from HackRead.com Read the original post: Content Delivery Network (CDN) FAQs

CVE-2023-25012: oss-sec: Linux Kernel: hid: Use-After-Free in bigben_set_led()

The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long.

Command-Injection Bug in Cisco Industrial Gear Opens Devices to Complete Takeover

Two security holes — one particularly gnarly — could allow hackers the freedom to do as they wish with the popular edge equipment.

CVE-2023-23131: GitHub - l00neyhacker/CVE-2023-23131: CVE-2023-23131

Selfwealth iOS mobile App 3.3.1 is vulnerable to Insecure App Transport Security (ATS) Settings.

CVE-2023-23132: GitHub - l00neyhacker/CVE-2023-23132: CVE-2023-23132

Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys.