226 matches found
5 Benefits of Network Segmentation
Learn more about how microsegmentation can enable you to achieve granular network segmentation, quickly and securely...
Rockwell Automation Micro800 and MicroLogix 1400
1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: Micro800, MicroLogix 1400 Vulnerability: Channel Accessible by Non-endpoint 2. RISK EVALUATION Successful exploitation of this vulnerability may result in denial-of-service conditions, which...
Kubernetes Security Is Not Container Security
Container-specific security I recently had an interesting discussion with Gianluca Brindisi from Spotify about the differences between Kubernetes security and container security. Typically, the discussion about container security focuses on general questions that aren’t focused on a specific...
Caught on Camera: Rethinking IoT Security
We all know that we're on camera pretty much constantly -- most coffee shops, convenience stores, and even offices employ security cameras for protection. But what happens when those devices built to keep us safe become unsafe? Hacks are becoming more frequent and attacking personal, private data...
Genua GenuGate High Resistance Firewall Authentication Bypass Vulnerability
Genua GenuGate High Resistance Firewall versions prior to 10.1 p4, 9.6 p7, and 9.0 Z p19 suffer from an authentication bypass vulnerability. title: Authentication bypass vulnerability product: Genua GenuGate High Resistance...
Lazarus targets defense industry with ThreatNeedle
We named Lazarus the most active group of 2020. We've observed numerous activities by this notorious APT group targeting various industries. The group has changed target depending on the primary objective. Google TAG has recently published a...
Rockwell Automation Logix Controllers (Update A)
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: Studio 5000 Logix Designer, RSLogix 5000, Logix Controllers Vulnerability: Insufficiently Protected Credentials 2. UPDATE INFORMATION This updated advisory is a...
SolarWinds Hack and the Case of DNS Security
It's not news that some of the top government agencies and companies in the world were victims of the SolarWinds attack. At this point, I can say it's the reason I didn't have a smoother transition back into work-life following a long vacation. As I understand it, the breaches happened after...
GHSA-FWCM-636P-68R5 Server-side request forgery in CarrierWave
Impact CarrierWave download feature has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform. Patches Upgrade to 2.1.1 or 1.3.2. Workarounds Using proper network...
Server-side request forgery in CarrierWave
Impact CarrierWave download feature or 1.3.2. Workarounds Using proper network segmentation and applying the principle of least privilege to outbound connections from application servers can reduce the severity of SSRF vulnerabilities. Ideally the vulnerable gem should run on an isolated server...
Innokas Yhtymä Oy Vital Signs Monitor
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Innokas Yhtymä Oy Equipment: Vital Signs Monitor VC150 Vulnerabilities: Cross-site Scripting, Improper Neutralization of Special Elements in Output Used by a Downstream Component 2. RISK EVALUATION...
Vulnerability fixed in Dell iDRAC
Dell has fixed a vulnerability in iDRAC. A malicious person could exploit the vulnerability to perform a Cross-Site Scripting (XSS) attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application. iDRAC is a management environment. I...
Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure
Thousands of organizations remain at risk from the URGENT/11 and CDPwn collections of vulnerabilities, which affect operational technology (OT) gear and internet of things (IoT), respectively. Unfortunately, there has been a rampant lack of patching, researchers said. According to researchers at Armi...
Schneider Electric PLC Simulator for EcoStruxure Control Expert
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: PLC Simulator for EcoStruxure Control Expert Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this...
Countering a Home Invasion: Modernizing Threat Hunting Best Practices
The recently released VMware Carbon Black Global Incident Threat Report found that incidents of counter incident response (IR) are occurring in 82 percent of IR engagements. Counter IR involves several tactics, which include: disabling anti-malware scan interface, clearing/deleting logs, using...
Baxter Phoenix Hemodialysis Delivery System (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Baxter Equipment: Phoenix Hemodialysis Delivery System Vulnerability: Cleartext Transmission of Sensitive Information 2. UPDATE INFORMATION This updated advisory is a follow-up to the original...
When Security Takes a Backseat to Productivity
"We must care as much about securing our systems as we care about running them if we are to make the necessary revolutionary change." -CIA's Wikileaks Task Force. So ends a key section of a report the U.S. Central Intelligence Agency produced in the wake of a mammoth data breach in 2016 that led ...
Zero Trust—Part 1: Networking
Enterprises used to be able to secure their corporate perimeters with traditional network controls and feel confident that they were keeping hackers out. However, in a mobile- and cloud-first world, in which the rate and the sophistication level of security attacks are increasing, they can no...
U.S. Pipeline Disrupted by Ransomware Attack
A ransomware attack has hit a natural gas compression facility in the U.S., the feds have warned. The attack resulted in a two-day pipeline shutdown as the unnamed victim worked to bring systems back online from backups. The attackers were able to penetrate the IT portion of the facility’s network,...