Eight vulnerabilities in Open Automation Software Platform could lead to information disclosure, improper authentication
Cisco Talos recently disclosed eight vulnerabilities in the engine configuration functionality in Open Automation Software Platform. OAS Platform is commonly found in industrial operations and enterprise environments. It allows various devices, including PLCs, servers, files, databases and...
USN-6342-1: Linux kernel vulnerabilities
Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. (CVE-2023-20593) Zheng Zhang discovered that the device-mapper implementation in the Linux kernel...
The vulnerability of the angular.copy() function in the application design environment and the Angular development platform allows an attacker to trigger a service failure.
The vulnerability of the angular.copy function in the application and platform development environment for one-page applications related to Angular involves the use of a regular expression with inefficient computational complexity. Exploiting this vulnerability could allow an attacker to cause...
How to disable Receiver for HTML5 in Cloud?
Vulnerability fixed in VMware Tools
VMware has fixed a vulnerability in VMware Tools for Windows and Linux. A malicious party could use a man-in-the-middle attack to bypass SAML tokens and thus manipulate the operation of VMware Guests. As a result, the malicious party could potentially gain access to sensitive data or...
Imperva Clinches 2023 SC Media Trust Award for Best Database Security Solution: A Back-to-Back Victory
Imperva, a global leader in cybersecurity, is proud to announce that we have once again been honored for our industry-leading database security solutions, earning the prestigious 2023 SC Media Trust Award for Best Database Security Solution. This accolade marks the second consecutive year that...
IBM Security Guardium Data Encryption security vulnerability
IBM Security Guardium Data Encryption is a software from International Business Machines (IBM) that is used to secure sensitive data within an organization. The software protects assets located in cloud, virtual, big data and physical environments by controlling access to databases, files,...
LockBit 3.0 Ransomware Builder Leak Gives Rise to Hundreds of New Variants
The leak of the LockBit 3.0 ransomware builder last year has led to threat actors abusing the tool to spawn new variants. Russian cybersecurity company Kaspersky said it detected a ransomware intrusion that deployed a version of LockBit but with a markedly different ransom demand procedure. "The...
16 New CODESYS SDK Flaws Expose OT Environments to Remote Attacks
A set of 16 high-severity security flaws have been disclosed in the CODESYS V3 software development kit (SDK) that could result in remote code execution and denial-of-service under specific conditions, posing risks to operational technology (OT) environments. The flaws, tracked from CVE-2022-47378...
New Microsoft Security innovations expand multicloud visibility and enhance multiplatform protection
With more than 90 percent of organizations adopting a multicloud strategy and cloud-based cyberattacks growing 48 percent year over year, securing multicloud and hybrid environments is more important than ever. To successfully protect multicloud infrastructure—where customers are utilizing two ...
Siemens RUGGEDCOM ROS Device Web Server Denial of Service Vulnerability
RUGGEDCOM Ethernet switches are used for reliable operation in electrically harsh and climatically demanding environments such as power substations and traffic control cabinets. A denial of service vulnerability exists in the Siemens RUGGEDCOM ROS device web server, which can be exploited by an...
F5 BIG-IP and BIG-IQ Centralized Management Denial of Service Vulnerability
F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, etc. F5 BIG-IQ Centralized Management is a software-based cloud management solution from F5 USA. The solution supports the deployment of application delivery...
Risk Fact #1: Cloud Migration Exploitation Cloud Security Research Risk Fact
Qualys Blog Series – 2023 TotalCloud Security Insights by the Threat Research Unit. The 2023 TotalCloud Security Insights report from the Qualys Threat Research Unit (TRU) provides research insights, best practices, and detailed recommendations organized by five separate Risk Facts. The insights wil...
Zenbleed: cross-process infoleak vulnerability in AMD Zen 2 Processors - everything you need to know
Learn about the impact in cloud environments of CVE-2023-20593, a cross-process information leak vulnerability in AMD Zen 2 Processors...
A New Cross-Platform ‘P2PInfect’ Worm Threatening Cloud Environments
P2PInfect, a new cross-platform worm written in Rust, targets vulnerable Redis instances in cloud environments via the CVE-2022-0543 vulnerability, potentially posing a significant threat to over 307,000...
The vulnerability of the SmmEntryPoint function in open-source development environments for UEFI EDK2 allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the SmmEntryPoint function in open-source development environments for UEFI EDK2 relates to writing beyond the buffer boundaries. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures...
Managing Risk Across Hybrid Environments with Executive Risk View
Over the last decade or so, organizations of all shapes and sizes across all industries have been going through a seismic shift in the way they engage with their customers and deliver their solutions to the market. These new delivery models are often underpinned by cloud services, which can chang...
CVE-2023-37479
Open Enclave is a hardware-agnostic open source library for developing applications that utilize Hardware-based Trusted Execution Environments, also known as Enclaves. There are two issues that are mitigated in version 0.19.3. First, Open Enclave SDK does not properly sanitize the MXCSR register ...
Design/Logic Flaw
Open Enclave is a hardware-agnostic open source library for developing applications that utilize Hardware-based Trusted Execution Environments, also known as Enclaves. There are two issues that are mitigated in version 0.19.3. First, Open Enclave SDK does not properly sanitize the MXCSR register ...