Tag
US jury orders NSO Group to pay $168M to WhatsApp and Meta over Pegasus spyware use in 2019…
Cybercriminals are using fake Social Security Administration emails to distribute the ScreenConnect RAT (Remote Access Trojan) and compromise…
A misconfigured, non-password-protected database belonging to TicketToCash exposed data from 520,000 customers, including PII and partial financial details.…
A 23-year-old Scottish man thought to be a member of the prolific Scattered Spider cybercrime group was extradited last week from Spain to the United States, where he is facing charges of wire fraud, conspiracy and identity theft. U.S. prosecutors allege Tyler Robert Buchanan and co-conspirators hacked into dozens of companies in the United States and abroad, and that he personally controlled more than $26 million stolen from victims.
France accuses Russia’s APT28 hacking group (Fancy Bear) of targeting French government entities in a cyber espionage campaign.…
Fake emails pretending to come from the US Social Security Administration try to get targets to install ScreenConnect for remote access.
China-linked hackers targeted Uyghur activists using a Trojanized UyghurEditPP app in a spear-phishing campaign, Citizen Lab researchers reveal.…
Software development is about to undergo a generative change. What this means is that AI (Artificial Intelligence) has…
Blue Shield of California exposed the health data of 4.7 million members to Google for years due to…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M580, Modicon M340, Modicon Premium, and Modicon Quantum Vulnerabilities: Trust Boundary Violation, Uncaught Exception, Exposure of Sensitive Information to an Unauthorized Actor, Authentication Bypass by Spoofing, Improper Access Control, Reliance on Untrusted Inputs in a Security Decision, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities may risk execution of unsolicited command on the PLC, which could result in a loss of availability of the controller. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following products are affected: Modicon M580: All versions prior to 2.90 (CVE-2018-7846, CVE-2018-7849, CVE-2018-7848, CVE-2018-7842, CVE-2018-7847, CVE-2018-7850, CVE-2018-7853, CVE-2018-7854, CVE-2019-6808, CVE-2019-6828, CVE-2019-6829, CVE-2019-6809) Modicon Momentum CPU (pa...