Aggregator

A vulnerability classified as critical has been found in Rockwell Automation CompactLogix 5380, ControlLogix 5580, GuardLogix 5580, Compact GuardLogix 5380 and CompactLogix 5480. This affects an unknown part of the component PTP Management Packet Handler. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2024-7515. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Rockwell Automation Micro850 and Micro870. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Modbus Communication Handler. The manipulation leads to resource consumption. This vulnerability is handled as CVE-2024-7567. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Rockwell Automation Pavilion8 5.20. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing encryption of sensitive data. This vulnerability is known as CVE-2024-40620. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Rockwell Automation ControlLogix, GuardLogix 5580, CompactLogix and Compact GuardLogix 5380. It has been classified as critical. Affected is an unknown function of the component PCCC Message Handler. The manipulation leads to denial of service. This vulnerability is traded as CVE-2024-7507. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Rockwell Automation FactoryTalk View Site Edition 13.0 and classified as critical. This issue affects some unknown processing. The manipulation leads to incorrect permission assignment. The identification of this vulnerability is CVE-2024-7513. The attack needs to be approached locally. There is no exploit available. It is recommended to change the configuration settings.

A vulnerability has been found in Rockwell Automation ControlLogix 5580 and GuardLogix 5580 34.011 and classified as critical. This vulnerability affects unknown code. The manipulation leads to improper check for unusual conditions. This vulnerability was named CVE-2024-40619. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Rockwell Automation DataMosaix Private Cloud. This affects an unknown part of the component Cookie Handler. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2024-6078. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in AMD μProf Tool. Affected by this issue is some unknown functionality. The manipulation leads to denial of service. This vulnerability is handled as CVE-2023-31366. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Ada Web Server 20.0. Affected by this vulnerability is an unknown functionality of the component SSL/TLS. The manipulation leads to certificate with host mismatch. This vulnerability is known as CVE-2024-37015. The attack can be launched remotely. There is no exploit available.

Elon Musk claims that the livestream interview with Donald Trump on the X social media platform was impacted by a cyberattack. Elon Musk claims that a massive DDoS attack caused problems with the announced interview with Donald Trump on the X platform Monday night. “There appears to be a massive DDOS attack on 𝕏. Working on shutting […]

A vulnerability classified as problematic has been found in Symphony CMS up to 2.7.10. Affected is an unknown function of the component Comment Component. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-41614. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Symphony CMS 2.7.10. It has been rated as problematic. This issue affects some unknown processing of the component Note Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-41613. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Ocean Data Systems Dream Report 2023 and AVEVA Reports for Operations 2023. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to incorrect permission assignment. This vulnerability was named CVE-2024-6619. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in AMD EPYC 7003 Processors and EPYC 9004 Processors. It has been classified as critical. This affects an unknown part of the component SEV Firmware. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2023-31356. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

Microsoft has released the KB5041580 cumulative update for Windows 10 22H2 and Windows 10 21H2, which includes 14 changes and fixes, including BitLocker fixes and important security updates. [...]

Security researchers at Perception Point have uncovered a sophisticated phishing campaign, dubbed “Uncle Scam.” In this AI-powered campaign, threat actors impersonate U.S. government agencies to send fraudulent tender invitations to numerous American enterprises. The attackers employ advanced techniques, including interactive kits and large language models (LLMs), to create highly convincing phishing emails. The phishing operation […]

The post Operation Uncle Scam – AI-Powered Phishing Attack Steals Microsoft Dynamics 365 Credentials appeared first on Cyber Security News.

via the comic & dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Meteor Shower PSA’ appeared first on Security Boulevard.

Hackers, possibly from Iran, sent phishing emails to the Biden-Harris campaign and Trump operative Roger Stone hoping to gain access into the systems of both presidential campaigns. It worked with Stone, who compromised email account opened the door to the Trump campaign infrastructure.

The post Biden-Harris Campaign, Trump Operative Stone Also Target of Hackers appeared first on Security Boulevard.

Learn how to minimize the impact of vulnerabilities like social media use, private jet tracking, and more As an executive protection (EP) professional, you’re likely experiencing a rise in physical threats against your principal(s). You’re not alone. According to Ontic’s State of Protective Intelligence Report, 8 out of 9 EPs say their companies are experiencing…

The post 4 Executive Travel Vulnerabilities You May be Overlooking appeared first on Ontic.

The post 4 Executive Travel Vulnerabilities You May be Overlooking appeared first on Security Boulevard.