Aggregator

A vulnerability was found in Envoy up to 1.29.8/1.30.5/1.31.1 and classified as critical. Affected by this issue is some unknown functionality of the component Routing Table Handler. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2024-45809. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Puma up to 5.6.8/6.4.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded_For leads to authorization bypass. This vulnerability is known as CVE-2024-45614. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Closed-Loop Technology CLESS Server 4.5.2. Affected is an unknown function of the component PHP Handler. The manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2024-40125. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Microsoft Edge. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-38221. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Microsoft Edge. This vulnerability affects unknown code. The manipulation leads to out-of-bounds write. This vulnerability was named CVE-2024-43496. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Microsoft Edge. This affects an unknown part. The manipulation leads to type confusion. This vulnerability is uniquely identified as CVE-2024-43489. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple iOS 3.1.3. It has been rated as very critical. Affected by this issue is some unknown functionality. The manipulation leads to numeric error. This vulnerability is handled as CVE-2010-1179. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

自动化技术在网络安全运营中的应用对现代企业非常重要，不仅可以解决网络安全技能不足问题，同时还能够显著提升组织的 […]

新闻速览 •查处3.1万余人！公安机关打击网络谣言取得显著成效 •北京自贸试验区数据出境负面清单完成首批用户应 […]

A vulnerability, which was classified as critical, was found in Symantec Brightmail AntiSpam up to 6.0. This affects an unknown part of the file viewMsgDetails.do. The manipulation of the argument id leads to improper privilege management. This vulnerability is uniquely identified as CVE-2004-0671. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in Sortir en Alsace 0.5b. This vulnerability affects unknown code of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability was named CVE-2014-6867. The attack needs to be initiated within the local network. There is no exploit available.

A CVSS score 7.0 AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Peter Girnus - Trend Micro Zero Day Initiative' was reported to the affected vendor on: 2024-09-20, 73 days ago. The vendor is given until 2025-01-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A vulnerability was found in lunary-ai lunary up to 1.4.9 and classified as problematic. This issue affects some unknown processing of the file runs/{run_id}/related. The manipulation leads to insufficient granularity of access control. The identification of this vulnerability is CVE-2024-6867. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in lunary-ai lunary up to 1.4.8. It has been classified as critical. Affected is an unknown function. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2024-6087. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in lunary-ai lunary up to 1.4.8. It has been rated as critical. Affected by this issue is some unknown functionality of the file saml.ts of the component Setting Handler. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2024-6582. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in D-Link DIR-X4860 A1 and COVR-X1870. It has been classified as critical. This affects an unknown part of the component Telnet Service. The manipulation leads to backdoor. This vulnerability is uniquely identified as CVE-2024-45696. The attack needs to be done within the local network. There is no exploit available.

人人都想「意识永藏」，富豪先买单。

Bad bot traffic continues to rise year-over-year, accounting for nearly a third of all internet traffic in 2023. Bad bots access sensitive data, perpetrate fraud, steal proprietary information, and degrade site performance. New technologies are enabling fraudsters to strike faster and inflict more damage. Bots’ indiscriminate and large-scale attacks pose a risk to businesses of all sizes in all industries. But there are techniques your business can adopt to address this malicious activity. By leveraging … More →

The post How to detect and stop bot activity appeared first on Help Net Security.

A vulnerability was found in Iexpress Estate Agent Manager up to 1.3. It has been classified as critical. This affects an unknown part. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2006-5934. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Attacks on critical infrastructure  The explosion of the Soviet gas pipeline in 1982 was one of the first well-known instances of critical infrastructure being targeted through a software modification that contained a hidden malfunction. In this instance, the Soviets were stealing Western technology and the CIA slipped the flawed software to them without their knowledge. While the explosion itself didn’t cause any fatalities, it did cause some damage to the Soviet economy as per Washinton Post.      With the intensification of hybrid warfare, we have seen multiple attacks on ICS-based critical infrastructure in Europe and the Middle East. These attacks were designed not just to destabilize the systems but also to cause a major kinetic impact. No systems or assets are out of bounds today. State-backed actors from countries like North Korea are not just after technology and revenue but also act as conduits for other countries to infiltrate the critical infrastructure of their adversary nations.   Read more: Buyers guide to OT/ICS cybersecurity solutions A case study   In a recent instance, Sectrio’s Asset Research Team uncovered an anomaly in hardware supplied to a critical infrastructure operator. In this instance, same OEM supplied was supposed to supply the same hardware to two divisions of the same business. However, the hardware supplied to one entity, when examined, showed a deviation that was found to enable a backdoor communication with an obscure server using a now obsolete protocol that was sparingly used in the 90s.   The OEM in this case claimed that the anomaly was a generational remnant from an old version. How it made its way to only one piece of hardware and not the other is a question that was not answered to our satisfaction. The hardware belonged to the same batch and even had sequential serial numbers adding to the mystery.    This could be a genuine error but it is an error that could potentially be exploited by a bad actor.   Supply chain challenges As the Lebanon episode clearly showed, OEMs now have to ensure the integrity of their hardware well beyond their shop floors. ICS/OT operators should also watch out for anomalous behaviors and risky interactions that could jeopardize operations and plant safety levels. One way of offsetting these challenges is to ensure the systems undergo Security Acceptance Tests (SAT) along with Factory Acceptance Tests (FAT). This will ensure the integrity of the assets and call out any security issues before they are added to the infrastructure.   A ‘maker-checker’ approach is the way to go.   Recommended cybersecurity measures to risk-proof ICS assets  While IEC 62443 and NIST CSF-based risk assessment and gap analysis is a good place to start, the outcomes of such an assessment can and should be used across the enterprise to improve security posture. Here are some of the other steps that can be taken to secure ICS and OT assets and infrastructure:  Talk to us to learn how your crown jewels and assets can be protected through a custom-built ICS/OT cybersecurity plan. Contact us now! Book a consultation with our OT/ICS cybersecurity experts now. Contact Us  Thinking of an ICS security training program for your employees? Talk to us for a custom package.   

The post Exploding pagers and the new face of asset-centric warfare   appeared first on Security Boulevard.