119 matches found

RedhatCVE
added 2025/05/23 3:12 a.m. · 4 views

CVE-2023-24546

On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended. This advisory impacts...

8.1 CVSS · 6.7 AI score · 0.00474 EPSS
Exploits 0 · References 1

Packet Storm News
added 2025/05/13 12:0 a.m. · 3 views

Adaptive Security Policy Management in Cloud Environments Using Reinforcement Learning

The security of cloud environments, such as Amazon Web Services (AWS), is complex and dynamic. Static security policies have become inadequate as threats evolve and cloud resources exhibit elasticity [1]. This paper addresses the limitations of static policies by proposing a security policy managemen...

6.8 AI score
Exploits 0

BDU FSTEC
added 2025/04/25 12:0 a.m. · 2 views

The vulnerability of the GetConnectionVariables method in the software for managing and monitoring remote objects in telemetry and telemechanics systems allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the GetConnectionVariables method in software for controlling and monitoring remote objects in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to compromise t...

9 CVSS · 5.7 AI score · 0.00604 EPSS
Exploits 0 · References 2 · Affected Software 1

Tenable Nessus
added 2025/03/05 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-42368

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenTelemetry, also known as OTel, is a vendor-neutral open source Observability framework for instrumenting, generating, collecting, and exporting telemetry da...

6.5 CVSS · 6.4 AI score · 0.0062 EPSS
Exploits 0 · References 2

RedHat Linux
added 2025/01/16 11:44 a.m. · 5 views

Important: Red Hat Security Advisory: Red Hat build of OpenTelemetry 3.4 release

A new version of Red Hat build of OpenTelemetry has been released. Red Hat build of OpenTelemetry is a collection of tools, APIs, and SDKs. You use it to instrument, generate, collect, and export telemetry data (metrics, logs, and traces) for analysis in order to understand your software's performan...

9.1 CVSS · 6.6 AI score · 0.03092 EPSS
Exploits 2 · References 3

Trellix
added 2024/10/02 12:0 a.m. · 5 views

Cyber Threats Targeting the US Government During the Democratic National Convention

Cyber Threats Targeting the US Government During the Democratic National Convention. By Anne An · October 2, 2024. Introduction: Trellix global sensors detected increased threat activities during the days that the Democratic National Convention (DNC) was held in August 2024, culminating into a massive...

7.5 AI score
Exploits 0

OSV
added 2024/10/01 11:25 a.m. · 6 views

MAL-2024-12280 Malicious code in google-play-store (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b0f8bc12f61546bde84dd1d7a64519fcdc55ce875b71f3d8d848d2d5daa2248d This is a copy of https://pypi.org/project/play-scraper/ with added a very questionable "telemetry": in scraper.py, L90 sends the user hostname, IP and the exa...

6.7 AI score
Exploits 0 · References 1

CVE
added 2024/08/13 7:31 p.m. · 279 views

CVE-2024-42368

The CVE-2024-42368 issue affects the bearertokenauth server authenticator in OpenTelemetry Collector contributions. A timing-discrepancy arises from non-constant time string comparisons of bearer tokens, enabling a network-adjacent attacker to infer the configured token by measuring response time...

6.5 CVSS · 6.5 AI score · 0.0062 EPSS
Exploits 0 · References 3

Vulnrichment
added 2024/08/13 7:31 p.m. · 11 views

CVE-2024-42368 open-telemetry has an Observable Timing Discrepancy

OpenTelemetry, also known as OTel, is a vendor-neutral open source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, and logs. The bearertokenauth extension's server authenticator performs a simple, non-constant time string...

6.5 CVSS · 6.9 AI score · 0.0062 EPSS
Exploits 0 · References 3

OSV
added 2024/06/19 2:15 p.m. · 0 views

UBUNTU-CVE-2024-38606

In the Linux kernel, the following vulnerability has been resolved: crypto: qat - validate slices count returned by FW. The function adf_send_admin_tl_start() enables the telemetry (TL) feature on a QAT device by sending the ICP_QAT_FW_TL_START message to the firmware. This triggers the FW to start writing TL...

7.1 CVSS · 6.7 AI score · 0.00217 EPSS
Exploits 0 · References 11

CVE
added 2024/06/05 5:26 p.m. · 317 views

CVE-2024-36129

OpenTelemetry Collector is affected by CVE-2024-36129, an unsafe decompression vulnerability that allows unauthenticated remote DoS via excessive memory consumption. The issue affects the OpenTelemetry Collector and its modules, with fixes published in version 0.102.1 of the collector and 0.102.1...

8.2 CVSS · 7.6 AI score · 0.00994 EPSS
Exploits 1 · References 4 · Affected Software 3

Fedora
added 2024/05/29 3:37 a.m. · 13 views

[SECURITY] Fedora 40 Update: qt6-qtmqtt-6.7.1-1.fc40

MQTT is a machine-to-machine (M2M) protocol utilizing the publish-and-subscribe paradigm, and provides a channel with minimal communication overhead. The Qt MQTT module provides a standard compliant implementation of the MQTT protocol specification. It enables applications to act as telemetry...

9.8 CVSS · 6.7 AI score · 0.0097 EPSS
Exploits 0

Trellix
added 2024/01/02 12:0 a.m. · 14 views

The Anatomy of HTML Attachment Phishing

The Anatomy of HTML Attachment Phishing: One Code, Many Variants. By Mathanraj Thangaraju, Niranjan Hegde, and Sijo Jacob · June 14, 2023. Introduction: Phishing is the malevolent practise of pretending to be a reliable entity in electronic communication to steal sensitive data, such as login...

7.7 AI score
Exploits 0

The Hacker News
added 2023/12/28 5:56 a.m. · 61 views

New Rugmi Malware Loader Surges with Hundreds of Daily Detections

A new malware loader is being used by threat actors to deliver a wide range of information stealers such as Lumma Stealer (aka LummaC2), Vidar, RecordBreaker (aka Raccoon Stealer V2), and Rescoms. Cybersecurity firm ESET is tracking the trojan under the name Win/TrojanDownloader.Rugmi. "This malware ...

7.4 AI score
Exploits 0

The Hacker News
added 2023/12/15 2:17 p.m. · 59 views

New KV-Botnet Targeting Cisco, DrayTek, and Fortinet Devices for Stealthy Attacks

A new botnet consisting of firewalls and routers from Cisco, DrayTek, Fortinet, and NETGEAR is being used as a covert data transfer network for advanced persistent threat actors, including the China-linked threat actor called Volt Typhoon. Dubbed KV-botnet by the Black Lotus Labs team at Lumen...

9.8 CVSS · 9.5 AI score · 0.85689 EPSS
Exploits 9

NVD
added 2023/10/06 2:15 p.m. · 11 views

CVE-2023-43810

OpenTelemetry, also known as OTel for short, is a vendor-neutral open-source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, logs. Autoinstrumentation out of the box adds the label http_method that has unbound cardinality. It...

7.5 CVSS · 7.5 AI score · 0.00685 EPSS
Exploits 0 · References 3

CVE
added 2023/10/06 1:53 p.m. · 65 views

CVE-2023-43810

CVE-2023-43810 concerns OpenTelemetry instrumentation. Autoinstrumentation may expose an unbounded http_method label, enabling memory exhaustion under large numbers of crafted requests. Affected if the application is instrumented for HTTP handlers and does not filter non-standard methods at CDN/L...

7.5 CVSS · 7.4 AI score · 0.00685 EPSS
Exploits 0 · References 3 · Affected Software 1

Vulnrichment
added 2023/10/06 1:53 p.m. · 13 views

CVE-2023-43810 opentelemetry-instrumentation Denial of Service vulnerability due to unbound cardinality metrics

OpenTelemetry, also known as OTel for short, is a vendor-neutral open-source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, logs. Autoinstrumentation out of the box adds the label http_method that has unbound cardinality. It...

7.5 CVSS · 7.1 AI score · 0.00685 EPSS
Exploits 0 · References 3

OSV
added 2023/06/13 9:15 p.m. · 0 views

CVE-2023-24546

On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended. This advisory impacts...

8.1 CVSS · 5.8 AI score · 0.00474 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/06/13 12:0 a.m. · 5 views

PT-2023-19683 · Arista · Arista Cloudvision Portal

Name of the Vulnerable Software and Affected Versions: Arista CloudVision Portal (affected versions not specified). Description: The issue is related to improper access controls on the connection from devices to CloudVision, which could allow a malicious actor with network access to CloudVision to...

8.1 CVSS · 7.2 AI score · 0.00474 EPSS
Exploits 0 · References 2