#web

Google has released security patches for two vulnerabilities. Make sure you're using the latest version.

By Waqas Kaspersky's Global Research and Analysis Team (GReAT) has released its latest quarterly report (Q1 2024) on the advanced persistent threat (APT) activity, highlighting several key trends in the threat and risk environment. This is a post from HackRead.com Read the original post: Kaspersky Reveals Global Rise in APTs, Hacktivism and Targeted Attacks

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.0 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Equipment: Multiple FA Engineering Software Products Vulnerabilities: Improper Privilege Management, Uncontrolled Resource Consumption, Out-of-bounds Write, Improper Privilege Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow a local attacker to cause a Windows blue screen error that results in a denial-of-service condition and/or to gain Windows system privileges and execute arbitrary commands. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Mitsubishi Electric reports the following versions of FA Engineering Software Products are affected: CPU Module Logging Configuration Tool: All versions CSGL (GX Works2 connection configuration): All versions CW Configurator: All versions Data Transfer: All versions Data Transfer Classic: All versions EZSocket (communication middleware product for Mitsubishi Electric partner companies): All versions FR Configura...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Low attack complexity Vendor: Subnet Solutions Inc. Equipment: PowerSYSTEM Center Vulnerabilities: Reliance on Insufficiently Trustworthy Component 2. RISK EVALUATION Successful exploitation of the vulnerabilities in components used by PowerSYSTEM Center could allow privilege escalation, denial-of-service, or arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS SUBNET Solutions reports that the following products use components with vulnerabilities: PowerSYSTEM Center: Update 19 and prior 3.2 Vulnerability Overview 3.2.1 RELIANCE ON INSUFFICIENTLY TRUSTWORTHY COMPONENT CWE-1357 SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Center. CVE-2024-28042 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.4 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2024-28042. A bas...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: low attack complexity Vendor: Johnson Controls Equipment: Software House C●CURE 9000 Vulnerability: Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to access credentials used for access to the application. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Johnson Controls reports that the following versions of Software House C●CURE 9000, a security management system, are affected: Software House C●CURE 9000: v3.00.2 3.2 Vulnerability Overview 3.2.1 Insertion of Sensitive Information into Log File CWE-532 Under certain circumstances the Microsoft Internet Information Server (IIS) used to host the C●CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C●CURE 9000 or prior versions. CVE-2024-0912 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.7 has been calcul...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: Factory Talk Remote Access Vulnerability: Unquoted Search Path or Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to enter a malicious executable and run it as a system user, resulting in remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation's FactoryTalk Remote Access are affected: FactoryTalk Remote Access: v13.5.0.174 and prior 3.2 Vulnerability Overview 3.2.1 UNQUOTED SEARCH PATH OR ELEMENT CWE-428 An unquoted executable path exists in the affected products, possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a threat actor to enter a malicious executable and run it as a system user. A threat actor needs admin privileges to exploit this vulnerability. CVE-...

**According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?** The word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the **Attack Vector** is **Local** and **User Interaction** is **Required**, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.

**According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L) and some loss of availability (A:L). What does that mean for this vulnerability?** An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.

Veeam Backup and Replication is a backup, recovery and data management platform that modernizes data protection for cloud, physical and virtual environments. In this post we're going to look at using Veeam as part of a strategy to guard against ransomware attacks.Ransomware attacks continue to be damaging and costly events for all sizes of companies. Immutable backups are just one component in an overall business continuity strategy to protect against these types of revenue and reputation draining catastrophes. Linux is key to this strategy, and specifically Red Hat Enterprise Linux, can act a

How to get started with automated policy as code: Start small but think BIG.A policy enforcement feature is coming to future versions of Red Hat Ansible Automation Platform. This blog provides more detail around where we’re heading with this exciting initiative.What is automated policy as code?Quite simply it allows you to apply policies, or in other words rules, before and/or during automation without having to know about or write those rules into your automation. You have many operational constructs you want to adhere to across your organization, and by automating them as policies, you can