Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Drug Dealers Have Moved Onto Social Media

The marketing of illegal drugs on open platforms is “gaining prominence,” authorities note, while the number of drug transactions on the darkweb has decreased in recent years.

Wired
#web#mac#amazon#auth#sap
Schneider Electric Modicon

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M241 / M251 / M258 / LMC058 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to a denial-of-service and a loss of confidentiality and integrity in the controller. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that following Modicon PLCs are affected: Modicon Controllers M241: All versions Modicon Controllers M251: All versions Modicon Controllers M258: All versions Modicon Controllers LMC058: All versions 3.2 Vulnerability Overview 3.2.1 IMPROPER INPUT VALIDATION CWE-20 An improper input validation vulnerability exists that could lead to a denial-of-service and a loss of confidentiality and integrity in the controller when an unauthenticated crafted Modbus packet is sent to the device. CVE-2024-11737 has been assigned to this vulnerability. A CVSS v3 base...

Bitter APT Targets Turkish Defense Sector with WmRAT and MiyaRAT Malware

A suspected South Asian cyber espionage threat group known as Bitter targeted a Turkish defense sector organization in November 2024 to deliver two C++-malware families tracked as WmRAT and MiyaRAT. "The attack chain used alternate data streams in a RAR archive to deliver a shortcut (LNK) file that created a scheduled task on the target machine to pull down further payloads," Proofpoint

Cicada3301 Ransomware Claims Attack on French Peugeot Dealership

SUMMARY Cicada3301, a ransomware group, has claimed responsibility for a data breach targeting Concession Peugeot (concessions.peugeot.fr), a prominent…

Does Desktop AI Come With a Side of Risk?

Artificial intelligence capabilities are coming to a desktop near you — with Microsoft 365 Copilot, Google Gemini with Project Jarvis, and Apple Intelligence all arriving (or having arrived). But what are the risks?

Task scams surge by 400%, but what are they?

Task scams are a new type of scams where victims are slowly tricked into paying to get paid for repetitive simple tasks

A day in the life of a privacy pro, with Ron de Jesus (Lock and Code S05E26)

This week on the Lock and Code podcast, we speak with Ron de Jesus about the work of achieving user privacy while balancing company goals.

FBI Targets 764 Network: Man Faces 30 Years for Cyberstalking, CSAM

A 20-year-old Tucson man was arrested for horrific CSAM and cyberstalking linked to the dangerous online extremist group 764.

Firmware Security: Identifying Risks to Implement Best Cybersecurity Practices

Find out the key security risks of firmware security: Identify threats, and learn best practices and protection methods…

Malware Hidden in Fake Business Proposals Hits YouTube Creators

Cybercriminals are targeting YouTube creators with sophisticated phishing attacks disguised as brand collaborations. Learn how to identify these scams, protect your data, and safeguard your online presence