CVE-2024-13957

SSRF Server Side Request Forgery vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...

CVE-2024-13957 SSRF Server Side Request Forgery

SSRF Server Side Request Forgery vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...

CVE-2024-13956 SSL Verification Bypass

SSL Verification Bypass vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.; NEXUS Series: through 3.; MATRIX Series: through 3...

CVE-2024-13949

ABB ASPECT-Enterprise, NEXUS Series, and MATRIX Series are affected by CVE-2024-13949, described as a large content vulnerability that can cause disk overutilization if administrator credentials are compromised. Affected families are ASPECT-Enterprise (through 3.), NEXUS Series (through 3. ), and...

CVE-2024-13931

Relative Path Traversal vulnerabilities in ASPECT allow access to file resources if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...

CVE-2024-13931 Authenticated Relative Path Traversal

Relative Path Traversal vulnerabilities in ASPECT allow access to file resources if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03...

CVE-2024-13928

CVE-2024-13928 describes SQL injection vulnerabilities in ABB ASPECT product line (ASPECT-Enterprise, NEXUS Series, MATRIX Series) up to version 3.08.03. The flaw allows unintended access and manipulation of database repositories when session administrator credentials are compromised. Root cause ...

PT-2025-22520 · Unknown · Nexus Series +2

Name of the Vulnerable Software and Affected Versions: ASPECT-Enterprise versions through 3.08.03 NEXUS Series versions through 3.08.03 MATRIX Series versions through 3.08.03 Description: The issue allows PHP script injection if session administrator credentials become compromised. This is relate...

Google Chrome's Built-in Manager Lets Users Update Breached Passwords with One Click

Google has announced a new feature in its Chrome browser that lets its built-in Password Manager automatically change a user's password when it detects the credentials to be compromised. "When Chrome detects a compromised password during sign in, Google Password Manager prompts the user with an...

5 Identity Threat Detection & Response Must-Haves for Super SaaS Security

Identity-based attacks are on the rise. Attackers are targeting identities with compromised credentials, hijacked authentication methods, and misused privileges. While many threat detection solutions focus on cloud, endpoint, and network threats, they overlook the unique risks posed by SaaS...

AWS VDP: Non-Production API Endpoints for the Glue Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration

The AWS Glue service was found to have 12 non-production API endpoints that could be accessed using standard IAM credentials without generating any CloudTrail logs. This allowed for silent permission enumeration, where an adversary could determine the permissions of compromised credentials withou...

AWS VDP: Non-Production API Endpoint for the ElastiCache Service Fails to Log to CloudTrail Resulting in Silent Permission Enumeration

The ElastiCache service contains a non-production API endpoint that allows for permission enumeration without logging to CloudTrail. This could enable an adversary with compromised credentials to silently test the permissions of the credentials...

Have I Been Pwned Adds ALIEN TXTBASE Data 280M Emails & Passwords

HaveIbeenPwned HIBP website has significantly expanded its database with hundreds of millions of newly compromised credentials extracted by hackers though infostealer logs...

AWS VDP: Non-Production API Endpoints for the Device Farm Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration

The Device Farm service was found to have two non-production API endpoints that could be accessed using standard IAM credentials without generating CloudTrail logs. This allowed silent permission enumeration, where an adversary could test the permissions of compromised credentials without...

Hackers Breach Telefonica Network, Leak 2.3 GB of Data Online

Telefónica faces a data breach impacting its internal systems, linked to hackers using compromised credentials. Learn more about this alarming cyber threat...

FortiGuard Labs Links New EC2 Grouper Hackers to AWS Credential Exploits

Researchers at FortiGuard Labs have identified a prolific attacker group known as "EC2 Grouper" who frequently exploits compromised credentials using AWS tools...

'Stargazer Goblin' Creates 3,000 Fake GitHub Accounts for Malware Spread

A threat actor known as Stargazer Goblin has set up a network of inauthentic GitHub accounts to fuel a Distribution-as-a-Service DaaS that propagates a variety of information-stealing malware and netting them $100,000 in illicit profits over the past year. The network, which comprises over 3,000...

IR Trends: Ransomware on the rise, while technology becomes most targeted sector

Business email compromise BEC and ransomware were the top threats observed by Cisco Talos Incident Response Talos IR in the second quarter of 2024, together accounting for 60 percent of engagements. Although there was a decrease in BEC engagements from last quarter, it was still a major threat fo...

Safeguard Personal and Corporate Identities with Identity Intelligence

Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill's threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk. In the current...

Ever Wonder How Hackers Really Steal Passwords? Discover Their Tactics in This Webinar

In today's digital age, passwords serve as the keys to our most sensitive information, from social media accounts to banking and business systems. This immense power brings with it significant responsibility—and vulnerability. Most people don't realize their credentials have been compromised unti...