#zero_day

Open source software continues to pose a challenge for companies. With the proper security practices, you can reduce your open source risk and manage it.

Facebook users are notoriously the biggest offenders for sharing fake news and misinformation.

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity  Vendor: Schneider Electric  Equipment: IGSS (Interactive Graphical SCADA System)   Vulnerabilities: Missing Authentication for Critical Function, Insufficient Verification of Data Authenticity, Deserialization of Untrusted Data, Improper Limitation of a Pathname to a Restricted Directory, and Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in a denial-of-service condition, as well as the loss, addition, or modification of dashboards or report files in the IGSS Report folder. Successful exploitation of these vulnerabilities could also allow remote code execution, potentially resulting in loss of control of the supervisory control and data acquisition (SCADA) System with IGSS running in production mode. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports these vulnerabilities affect the following Data Server, Dashboard and Cu...

Categories: News Tags: ATM Tags: bitcoin Tags: cryptocurrency Tags: wallet Tags: hot Tags: cold Tags: 0 day Tags: zero day We look at a $1.5m heist of cryptocurrency via compromised Bitcoin ATMs. (Read more...) The post Zero-day spells disaster for Bitcoin ATM appeared first on Malwarebytes Labs.

Op[4]'s firmware security platform detects, prioritizes, and remediates exploitable vulnerabilities in Internet of Things and embedded systems.

Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Nearly 20% of the zero-day flaws that attackers exploited in 2022 were in network, security, and IT management products, Mandiant says.

After its second cyberattack in under a year, General Bytes urges customers to up the security on their personal accounts to prevent losses from hackers.

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Keysight Technologies Equipment: N6854A Geolocation Sever Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate privileges in the affected device’s default configuration, resulting in remote code execution or deleting system files and folders. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Keysight monitoring products are affected: N6854A Geolocation Server versions 2.4.2 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1    DESERIALIZATION OF UNTRUSTED DATA CWE-502 N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted data deserialization, which may allow a malicious actor to escalate privileges in the affected device’s default configuration and achieve remote code execution. CVE-2023-1399 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string ...

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: InfraSuite Device Master Vulnerabilities: Deserialization of Untrusted Data, Improper Access Control, Exposed Dangerous Method or Function, Path Traversal, Improper Authentication, Command Injection, Incorrect Permission Assignment for Critical Resource, Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to obtain access to files and credentials, escalate privileges, and remotely execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of InfraSuite Device Master, a real-time device monitoring software, are affected: Versions prior to 1.0.5 3.2 VULNERABILITY OVERVIEW 3.2.1    DESERIALIZATION OF UNTRUSTED DATA CWE-502 Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-stat...