Lucene search
226 matches found

Akamai Blog
added 2021/05/28 3:14 p.m., 11 views

5 Benefits of Network Segmentation

Learn more about how microsegmentation can enable you to achieve granular network segmentation, quickly and securely...

1.4 AI score
Exploits 0
ICS
added 2021/05/25 12:0 a.m., 47 views

Rockwell Automation Micro800 and MicroLogix 1400

1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: Micro800, MicroLogix 1400 Vulnerability: Channel Accessible by Non-endpoint 2. RISK EVALUATION Successful exploitation of this vulnerability may result in denial-of-service conditions, which...

7.5 CVSS, 7.6 AI score, 0.02188 EPSS
Exploits 0, References 5
Rapid7 Blog
added 2021/05/03 10:36 p.m., 174 views

Kubernetes Security Is Not Container Security

Container-specific security I recently had an interesting discussion with Gianluca Brindisi from Spotify about the differences between Kubernetes security and container security. Typically, the discussion about container security focuses on general questions that aren’t focused on a specific...

7.2 AI score
Exploits 0
Akamai Blog
added 2021/04/09 2:30 p.m., 46 views

Caught on Camera: Rethinking IoT Security

We all know that we're on camera pretty much constantly -- most coffee shops, convenience stores, and even offices employ security cameras for protection. But what happens when those devices built to keep us safe become unsafe? Hacks are becoming more frequent and attacking personal, private data...

0.4 AI score
Exploits 0
0day.today
added 2021/03/02 12:0 a.m., 125 views

Genua GenuGate High Resistance Firewall Authentication Bypass Vulnerability

Genua GenuGate High Resistance Firewall versions prior to 10.1 p4, 9.6 p7, and 9.0 Z p19 suffer from an authentication bypass vulnerability. ======================================================================= title: Authentication bypass vulnerability product: Genua GenuGate High Resistance...

9.8 CVSS, 0.5 AI score, 0.02349 EPSS
Exploits 2
Securelist
added 2021/02/25 10:0 a.m., 221 views

Lazarus targets defense industry with ThreatNeedle

Lazarus targets defense industry with ThreatNeedle PDF We named Lazarus the most active group of 2020. We've observed numerous activities by this notorious APT group targeting various industries. The group has changed target depending on the primary objective. Google TAG has recently published a...

7.1 AI score
Exploits 0
ICS
added 2021/02/25 12:0 a.m., 86 views

Rockwell Automation Logix Controllers (Update A)

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: Studio 5000 Logix Designer, RSLogix 5000, Logix Controllers Vulnerability: Insufficiently Protected Credentials 2. UPDATE INFORMATION This updated advisory is a...

9.8 CVSS, 8.6 AI score, 0.25455 EPSS
Exploits 1, References 5
Akamai Blog
added 2021/02/16 2:0 p.m., 52 views

SolarWinds Hack and the Case of DNS Security

It's not news that some of the top government agencies and companies in the world were victims of the SolarWinds attack. At this point, I can say it's the reason I didn't have a smoother transition back into work-life following a long vacation. As I understand it, the breaches happened after...

0.4 AI score
Exploits 0
OSV
added 2021/02/08 7:16 p.m., 17 views

GHSA-FWCM-636P-68R5 Server-side request forgery in CarrierWave

Impact CarrierWave download feature has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform. Patches Upgrade to 2.1.1 or 1.3.2. Workarounds Using proper network...

4.3 CVSS, 5 AI score, 0.01173 EPSS
Exploits 0, References 8
Github Security Blog
added 2021/02/08 7:16 p.m., 44 views

Server-side request forgery in CarrierWave

Impact CarrierWave download feature has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform. Patches Upgrade to 2.1.1 or 1.3.2. Workarounds Using proper network...

4.3 CVSS, 2.7 AI score, 0.01173 EPSS
Exploits 0, References 8, Affected Software 1
RubySec
added 2021/02/08 12:0 a.m., 17 views

Server-side request forgery in CarrierWave

Impact CarrierWave download feature or 1.3.2. Workarounds Using proper network segmentation and applying the principle of least privilege to outbound connections from application servers can reduce the severity of SSRF vulnerabilities. Ideally the vulnerable gem should run on an isolated server...

4.3 CVSS, 6.8 AI score, 0.01173 EPSS
Exploits 0, References 1, Affected Software 1
ICS
added 2021/01/07 12:0 a.m., 60 views

Innokas Yhtymä Oy Vital Signs Monitor

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Innokas Yhtymä Oy Equipment: Vital Signs Monitor VC150 Vulnerabilities: Cross-site Scripting, Improper Neutralization of Special Elements in Output Used by a Downstream Component 2. RISK EVALUATION...

5.4 CVSS, 6 AI score, 0.00675 EPSS
Exploits 0, References 5
NCSC
added 2020/12/17 12:0 a.m., 6 views

Vulnerability fixed in Dell iDRAC

Dell has fixed a vulnerability in iDRAC. A malicious person could exploit the vulnerability to perform a Cross-Site Scripting (XSS) attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application. iDRAC is a management environment. I...

6.1 CVSS, 6.6 AI score, 0.00991 EPSS
Exploits 0
ThreatPost
added 2020/12/15 4:43 p.m., 138 views

Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure

Thousands of organizations remain at risk from the URGENT/11 and CDPwn collections of vulnerabilities, which affect operational technology OT gear and internet of things IoT, respectively. Unfortunately, there has been a rampant lack of patching, researchers said. According to researchers at Armi...

8.3 CVSS, 0.4 AI score, 0.11685 EPSS
Exploits 0, References 8
ICS
added 2020/11/10 12:0 a.m., 68 views

Schneider Electric PLC Simulator for EcoStruxure Control Expert

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: PLC Simulator for EcoStruxure Control Expert Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this...

7.5 CVSS, 7.8 AI score, 0.01272 EPSS
Exploits 0, References 5
Carbon Black Blog
added 2020/11/04 7:0 p.m., 34 views

Countering a Home Invasion: Modernizing Threat Hunting Best Practices

The recently released VMware Carbon Black Global Incident Threat Report found that incidents of counter incident response IR are occurring in 82 percent of IR engagements. Counter IR involves several tactics, which include: disabling anti-malware scan interface, clearing/deleting logs, using...

6.7 AI score
Exploits 0
ICS
added 2020/06/18 12:0 a.m., 38 views

Baxter Phoenix Hemodialysis Delivery System (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Baxter Equipment: Phoenix Hemodialysis Delivery System Vulnerability: Cleartext Transmission of Sensitive Information 2. UPDATE INFORMATION This updated advisory is a follow-up to the original...

7.5 CVSS, 7.6 AI score, 0.00452 EPSS
Exploits 0, References 5
Krebs on Security
added 2020/06/17 11:37 p.m., 28 views

When Security Takes a Backseat to Productivity

"We must care as much about securing our systems as we care about running them if we are to make the necessary revolutionary change." -CIA's Wikileaks Task Force. So ends a key section of a report the U.S. Central Intelligence Agency produced in the wake of a mammoth data breach in 2016 that led ...

7 AI score
Exploits 0
Microsoft Secure
added 2020/06/15 8:45 p.m., 136 views

Zero Trust—Part 1: Networking

Enterprises used to be able to secure their corporate perimeters with traditional network controls and feel confident that they were keeping hackers out. However, in a mobile- and cloud-first world, in which the rate and the sophistication level of security attacks are increasing, they can no...

Exploits 0
ThreatPost
added 2020/02/19 10:17 p.m., 94 views

U.S. Pipeline Disrupted by Ransomware Attack

A ransomware attack has hit a natural gas compression facility in the U.S., the feds have warned. The attack resulted in a two-day pipeline shutdown as the unnamed victim worked to bring systems back online from backups. The attackers were able to penetrate the IT portion of the facility’s network,...

0.6 AI score
Exploits 0, References 8