#web

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: Electrical discharge machines Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose, tamper with, destroy or delete information in the products, or cause a denial-of-service condition on the products. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Mitsubishi Electric reports that the following electrical discharge machines are affected by this vulnerability in Microsoft Message Queuing service: Wire-cut EDM MV Series MV1200S D-CUBES Series Standard system BRD-B60W000-**: all versions Wire-cut EDM MV Series MV2400S D-CUBES Series Standard system BRD-B60W000-**: all versions Wire-cut EDM MV Series MV4800S D-CUBES Series Standard system BRD-B60W000-**: all versions Wire-cut EDM MV Series MV1200R D-CUBES Series Standard system BRD-B60W000-**: all versions Wire-c...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Commend Equipment: WS203VICM Vulnerabilities: Argument Injection, Improper Access Control, Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive information or force the system to restart. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Commend reports that the following versions of WS203VICM video door station are affected: WS203VICM: version 1.7 and prior 3.2 Vulnerability Overview 3.2.1 ARGUMENT INJECTION CWE-88 A remote, unauthenticated attacker may be able to send crafted messages to the web server of the Commend WS203VICM causing the system to restart, interrupting service. CVE-2024-22182 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H). 3.2.2 IMPROPER ACCESS CONTROL CWE-284 A remote attacker ...

Malvertising made a resurgence in 2023, with cybercriminals creating malicious ads and websites imitating Amazon, TradingView, and Rufus.

A Ukrainian national that is being accused of operating the Raccoon Infostealer in a Malware-as-a-Service has been extradited to the US.

Bruce’s story unfolds in Cincinnati, Ohio. As a young boy, he had an ambitious dream of one day becoming the President of the United States. This aspiration remained his guiding star until he began his professional career after college. His mother, amused by his

An international law enforcement operation has led to the seizure of multiple darknet domains operated by LockBit, one of the most prolific ransomware groups, marking the latest in a long list of digital takedowns. While the full extent of the effort, codenamed Operation Cronos, is presently unknown, visiting the group's .onion website displays a seizure banner containing the message "

LockBit's position as ransomware's biggest beast is suddenly in doubt.

By Waqas All known dark web domains operated by the notorious LockBit Ransomware Gang are displaying a law enforcement seizure notice. This is a post from HackRead.com Read the original post: 8 LockBit Ransomware Gang Domains Seized in Global Operation

By Deeba Ahmed The aircraft was reportedly flying over an area inhabited by Iranian-backed Houthis. This is a post from HackRead.com Read the original post: Israeli El Al Alleges Hackers Targeted Flights in Mid-Air Hijack Attempt

Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page).