A distributed list of bad actor IP addresses and phone numbers collected via a SIP Honeypot. Introduction This is basically a fraud detection tool. It lets bad actors try to make phone calls and saves the IP address they came from and number they tried to call. Those details are then used to block....
7AI Score
Build a stronger cybersecurity team through diversity and training
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest post of our Voice of the Community blog series, Microsoft Security Product Marketing Manager Natalia Godyla talks with Heath Adams, Chief...
10CVSS
-0.5AI Score
0.976EPSS
Build a stronger cybersecurity team through diversity and training
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest post of our Voice of the Community blog series, Microsoft Security Product Marketing Manager Natalia Godyla talks with Heath Adams, Chief...
10CVSS
-0.5AI Score
0.976EPSS
The three most significant cyberattacks of 2021
People that predict tomorrow’s weather by looking at today’s are often right. Cloudy today? It'll probably be cloudy tomorrow. The same is often true for cybersecurity threats. Looking back at 2021 it looks a lot like 2020: A lot of ransomware attacks. So, when I was asked to write about the...
-0.3AI Score
SICK SOPAS ET has an unspecified vulnerability
Sick Sopas Et is an engineering tool from the German company Sick.A security vulnerability exists in versions prior to SICK SOPAS ET 4.8.0, which could be exploited by an attacker to package any executable file into an SDD and make it available to SOPAS ET...
8.6CVSS
3.9AI Score
0.001EPSS
SICK SOPAS ET path traversal vulnerability
Sick Sopas Et is an engineering tool from the German company Sick. versions prior to SICK SOPAS ET 4.8.0 contain a path traversal vulnerability that could be exploited to manipulate the pathname of the emulator and use path traversal to run arbitrary executable files located on the host...
8.6CVSS
3.3AI Score
0.001EPSS
SICK SOPAS ET Command Injection Vulnerability
Sick Sopas Et is an engineering tool from the German company Sick. versions prior to SICK SOPAS ET 4.8.0 contain a command injection vulnerability that could be exploited to manipulate command line parameters to pass any value to the emulator...
7.5CVSS
4AI Score
0.001EPSS
SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to pass in any value to the Emulator...
7.5CVSS
0.001EPSS
SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the pathname of the emulator and use path traversal to run an arbitrary executable located on the host system. When the user starts the emulator from SOPAS ET the corresponding executable will be started instead of the...
8.6CVSS
0.001EPSS
SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to pass in any value to the Emulator...
7.5CVSS
7.5AI Score
0.001EPSS
SICK SOPAS ET before version 4.8.0 allows attackers to wrap any executable file into an SDD and provide this to a SOPAS ET user. When a user starts the emulator the executable is run without further...
8.6CVSS
8.5AI Score
0.001EPSS
SICK SOPAS ET before version 4.8.0 allows attackers to wrap any executable file into an SDD and provide this to a SOPAS ET user. When a user starts the emulator the executable is run without further...
8.6CVSS
0.001EPSS
SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the pathname of the emulator and use path traversal to run an arbitrary executable located on the host system. When the user starts the emulator from SOPAS ET the corresponding executable will be started instead of the...
8.6CVSS
8.6AI Score
0.001EPSS
SICK SOPAS ET before version 4.8.0 allows attackers to wrap any executable file into an SDD and provide this to a SOPAS ET user. When a user starts the emulator the executable is run without further...
8.6CVSS
8.4AI Score
0.001EPSS
SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the pathname of the emulator and use path traversal to run an arbitrary executable located on the host system. When the user starts the emulator from SOPAS ET the corresponding executable will be started instead of the...
8.6CVSS
8.6AI Score
0.001EPSS
SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to pass in any value to the Emulator...
7.5CVSS
7.6AI Score
0.001EPSS
SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to pass in any value to the Emulator...
7.8AI Score
0.001EPSS
SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the pathname of the emulator and use path traversal to run an arbitrary executable located on the host system. When the user starts the emulator from SOPAS ET the corresponding executable will be started instead of the...
8.8AI Score
0.001EPSS
SICK SOPAS ET before version 4.8.0 allows attackers to wrap any executable file into an SDD and provide this to a SOPAS ET user. When a user starts the emulator the executable is run without further...
8.7AI Score
0.001EPSS
Kronos Ransomware Outage Drives Widespread Payroll Chaos
Kronos, the workforce management platform, has been hit with a ransomware attack that it says will leave its cloud-based services unavailable for several weeks – and it’s suggesting that customers seek other ways to get payroll and other HR tasks accomplished. The outage has left cataclysmic...
-0.5AI Score
Why we fail at getting the cybersecurity basics right, with Jess Dodson: Lock and Code S02E21
The cybersecurity basics should be just that—basic. Easy to do, agreed-upon, and adopted at a near 100 percent rate by companies and organizations everywhere, right? You'd hope. But the reality is that basic cybersecurity blunders continue to affect businesses of all sizes, which has led to...
7.1AI Score
Our journey to API security at Raiffeisen Bank International
This article was written by Peter Gerdenitsch, Group CISO at Raiffeisen Bank International, and is based on a presentation given during Imvision's Executive Education Program, a series of events focused on how enterprises are taking charge of the API security lifecycle. Launching the "Security in.....
6.7AI Score
The FP Paradox on the battlefield against COVID-19 and cyber threats
Let's consider for a moment the “next” communicable virus. You show no symptoms but you try a home testing kit anyway, expecting the result to be negative. To your great surprise, the result is positive! The information enclosed in the testing kit package explained that the test results are nearly....
-0.4AI Score
Mobile Industrial Robots Vehicles and MiR Fleet Software
EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Mobile Industrial Robots (MiR) Equipment: MiR100, MiR200, MiR250, MiR500, MiR1000, MiR Fleet Vulnerabilities: Improper Access Control, Integer Overflow or Wraparound,...
9.8CVSS
8.7AI Score
0.007EPSS
Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. Exact timestamps of these onion-service visits are logged locally, and an attacker might be able to compare them to timestamp data collected by the...
6.1CVSS
6.6AI Score
0.001EPSS
Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. Exact timestamps of these onion-service visits are logged locally, and an attacker might be able to compare them to timestamp data collected by the...
6.1CVSS
0.001EPSS
Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. Exact timestamps of these onion-service visits are logged locally, and an attacker might be able to compare them to timestamp data collected by the...
6.1CVSS
6.1AI Score
0.001EPSS
Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. Exact timestamps of these onion-service visits are logged locally, and an attacker might be able to compare them to timestamp data collected by the...
6.1CVSS
6.2AI Score
0.001EPSS
Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. Exact timestamps of these onion-service visits are logged locally, and an attacker might be able to compare them to timestamp data collected by the...
6.4AI Score
0.001EPSS
0.4AI Score
0.311EPSS
7.5CVSS
0.9AI Score
0.311EPSS
7.5CVSS
7.8AI Score
EPSS
FBI warns of ransomware threat to food and agriculture
The FBI has issued a Private Industry Notification (PIN) about cybercriminal actors targeting the food and agriculture sector with ransomware attacks. Farms are literally the first step in one of the most important, if not _the _most important, supply chain in our economy: The food supply chain....
7.5AI Score
No one ever wants a group of hackers to say about their company: "We had the keys to the kingdom." But that's exactly what the hacker Sick Codes said on this week's episode of Lock and Code, in speaking with host David Ruiz, when talking about his and fellow hackers' efforts to peer into John...
0.3AI Score
Connected Farms Easy Pickings for Global Food Supply-Chain Hack
A group of hackers made an unnerving DEF CON 29 presentation showing how the sprawling growth of digital and automated farming has left the world’s food supply chain vulnerable to cyberattack. A video for DEF CON 29 hacker conference this week put out by the group Sick Codes explained that modern.....
4.9CVSS
-0.3AI Score
0.001EPSS
go is vulnerable to privilege escalation. The vulnerability exists due to a bypass access control that is based on IP addresses that when there are extra zero characters at the beginning of an IP address...
7.5CVSS
4AI Score
0.002EPSS
Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and...
7.5CVSS
6.6AI Score
0.002EPSS
Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and...
7.5CVSS
7.5AI Score
0.002EPSS
Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and...
7.5CVSS
0.002EPSS
library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal...
9.1CVSS
9AI Score
0.005EPSS
library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal...
9.1CVSS
0.005EPSS
library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal...
9.1CVSS
6.6AI Score
0.005EPSS
library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal...
9.1CVSS
8.9AI Score
0.005EPSS
Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and...
7.5CVSS
7.4AI Score
0.002EPSS
Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and...
7.8AI Score
0.002EPSS
library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal...
9.1CVSS
8.7AI Score
0.005EPSS
Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR......
7.5CVSS
7.6AI Score
0.002EPSS
library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal...
9.3AI Score
0.005EPSS
Netmask NPM Package - Server-Side Request Forgery
Netmask NPM Package is susceptible to server-side request forgery because of improper input validation of octal strings in netmask npm package. This allows unauthenticated remote attackers to perform indeterminate SSRF, remote file inclusion, and local file inclusion attacks on many of the...
9.1CVSS
7AI Score
0.059EPSS
SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. The use of weak ciphers make it easier for an attacker to break the security that protects...
5.3CVSS
0.001EPSS