30 matches found

Positive Technologies
added 2026/05/13 12:0 a.m. | 6 views

PT-2026-40593

ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper with the configuration file of the product, and a victim administrator may be tricked into using a crafted configuration file...

CVSS 6.9 | AI score 6.6 | EPSS 0.00019
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 0 views

EUVD-2024-45751

Malicious code in bioql PyPI...

CVSS 8.7 | AI score 7.4 | EPSS 0.17074
Exploits: 3 | References: 1

Talos Blog
added 2025/08/21 6:0 p.m. | 4 views

Cherry pie, Douglas firs and the last trip of the summer

Welcome to this week's edition of the Threat Source newsletter. Diane, 2:01 p.m., August 21st. I've just returned from a remarkable journey through Seattle and the misty roads of the Olympic Peninsula. If you ever find yourself driving beneath those towering Douglas firs or dragged by your partne...

CVSS 10 | AI score 9.8 | EPSS 0.92901
Exploits: 2

RedhatCVE
added 2025/02/05 3:22 a.m. | 8 views

CVE-2024-51546

Credentials Disclosure vulnerabilities allow access to on board project back-up bundles. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02...

CVSS 8.7 | AI score 7 | EPSS 0.17074
Exploits: 3 | References: 1

NVD
added 2024/12/05 1:15 p.m. | 12 views

CVE-2024-51546

Credentials Disclosure vulnerabilities allow access to on board project back-up bundles. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02...

CVSS 8.7 | EPSS 0.17074
Exploits: 3 | References: 1

CVE
added 2024/12/05 12:51 p.m. | 83 views

CVE-2024-51546

CVE-2024-51546 affects ABB ASPECT Enterprise v3.08.02, NEXUS Series v3.08.02 and MATRIX Series v3.08.02, with credentials disclosure enabling access to on-board project backup bundles. Connected sources (including Exploit DB, Red Hat/US-CISA advisories and NC SC) describe this as a cookie/credent...

CVSS 8.7 | AI score 7.7 | EPSS 0.17074
Exploits: 3 | References: 1 | Affected Software: 1

OSV
added 2024/07/09 5:15 p.m. | 8 views

CVE-2024-39118

Mommy Heather Advanced Backups up to v3.5.3 allows attackers to write arbitrary files via restoring a crafted back up...

CVSS 5.5 | AI score 6.9
Exploits: 0 | References: 2

Malwarebytes
added 2024/03/29 1:37 p.m. | 14 views

How to back up your iPhone to a Mac

They say the only backup you ever regret is the one you didn't make. iPhone backups can be used to easily move your apps and data to a new phone, to recover things you've lost, or to fix things that have failed. One of the most cost-effective ways to back up your iPhone is to save backups to your Ma...

AI score 7.1
Exploits: 0

WPVulnDB
added 2024/01/26 12:0 a.m. | 16 views

WPvivid < 0.9.95 - Missing Authorization

Description: The plugin is vulnerable to unauthorized access of data due to a missing capability check on the restore and getrestoreprogress function, making it possible for unauthenticated attackers to invoke these functions and obtain full file paths if they have access to a back-up ID...

CVSS 5 | AI score 6.6 | EPSS 0.00858
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2023/12/13 12:0 a.m. | 2 views

Fortinet FortiADC Authorization Issues Vulnerability

Fortinet FortiADC is an application delivery controller from Fortinet, Inc. Fortinet FortiADC has an authorization issue vulnerability that stems from the presence of an incorrect authorization vulnerability. A low-privileged user could read or back up the complete system configuration via an HTT...

CVSS 7.1 | AI score 6.8 | EPSS 0.0016
Exploits: 0 | References: 3

Cvelist
added 2023/03/07 1:23 p.m. | 16 views

CVE-2020-36667 JetBackup – WP Backup, Migrate & Restore <= 1.4.1 - Missing Authorization to Unauthorized Backup Location Change

The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including 1.4.1 due to a lack of proper capability checking on the backupguardclouddropbox, backupguardcloudgdrive, and backupguardcloudoneDrive function...

CVSS 5.4 | AI score 5.1 | EPSS 0.00132
Exploits: 0 | References: 2

Malwarebytes
added 2022/05/23 1:35 p.m. | 20 views

Chicago students lose data to ransomware attackers

Chicago Public Schools (CPS) disclosed on Friday that students may have had their data taken in a ransomware incident involving one of its vendors. The ransomware attack happened last December at Battelle for Kids (BfK), based in Columbus, Ohio, which develops services to provide innovation in schools...

AI score 0.2
Exploits: 0

WPVulnDB
added 2022/04/07 12:0 a.m. | 18 views

SiteGround Security < 1.2.6 - Authorization Weakness to Authentication Bypass via 2-FA Back-up Codes

The method in which 2FA back-up code authentication is handled by the plugin makes it possible for attackers to log in if they are able to brute force a back-up code for a user or compromise it via other means such as SQL Injection...

CVSS 9.8 | AI score 4.7 | EPSS 0.03267
Exploits: 2 | References: 1 | Affected Software: 1

OSV
added 2020/01/17 2:15 a.m. | 1 view

CVE-2019-19801

In Gallagher Command Centre Server versions of v8.10 prior to v8.10.1134MR4, v8.00 prior to v8.00.1161MR5, v7.90 prior to v7.90.991MR5, v7.80 prior to v7.80.960MR2 and v7.70 or earlier, an unprivileged but authenticated user is able to perform a backup of the Command Centre databases...

CVSS 5.5 | AI score 6.1 | EPSS 0.00055
Exploits: 0 | References: 1

ThreatPost
added 2019/12/12 6:33 p.m. | 62 views

All in the (Ransomware) Family: 10 Ways to Take Action

In a world where everything is an “as-a-service,” it’s no surprise that ransomware-as-a-service (RaaS) is a hot ticket on the Dark Web. FortiGuard Labs has observed at least two significant ransomware families – Sodinokibi and Nemty – now being deployed as RaaS solutions. Meanwhile, cybercriminals...

Exploits: 0 | References: 7

Veracode
added 2019/05/02 4:57 a.m. | 28 views

Privilege Escalation

OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances, managing networks, an...

CVSS 7.1 | AI score 5.8 | EPSS 0.03132
Exploits: 3 | References: 12 | Affected Software: 1

CNVD
added 2019/03/04 12:0 a.m. | 1 view

Unauthorized Access Vulnerability in Odoo

Odoo (formerly known as OpenERP) is an enterprise resource planning (ERP) and customer relationship management (CRM) system. The system is developed in the Python language with PostgreSQL as the database and includes modules for sales management, inventory management and financial management. Odoo suffers...

AI score 7.1
Exploits: 0

Hewlett-Packard
added 2018/09/28 12:0 a.m. | 23 views

HPSBHF03593 rev. 2 - Firmware Trusted Platform Module (fTPM) for Select AMD Client Systems

Potential Security Impact: Unauthorized access, elevation of privilege. Source: HP, HP Product Security Response Team (PSRT). Reported By: CTS-Labs. VULNERABILITY SUMMARY: A security vulnerability has been identified in specific versions of the AMD firmware-based Trusted Platform Module (fTPM). The fTPM ...

AI score 0.8
Exploits: 0

IBM Security Bulletins
added 2018/06/18 1:33 a.m. | 31 views

Security Bulletin: Vulnerability in IBM Java SDK affects IBM Platform Symphony and IBM Spectrum Symphony (CVE-2016-3610 CVE-2016-3598 CVE-2016-3606 CVE-2016-3587 CVE-2016-3511 CVE-2016-3550 CVE-2016-3485)

Summary: Vulnerability in IBM Java SDK affects IBM Platform Symphony and IBM Spectrum Symphony. Vulnerability Details: CVE IDs: CVE-2016-3610 CVE-2016-3598 CVE-2016-3606 CVE-2016-3587 CVE-2016-3511 CVE-2016-3550 CVE-2016-3485. Affected Products and Versions: IBM Platform Symphony: 5.2, 6.1.0.1, 6.1.1,...

CVSS 9.6 | EPSS 0.07073
Exploits: 0 | Affected Software: 1

ThreatPost
added 2014/10/30 9:8 a.m. | 9 views

'Every Drupal 7 Site Was Compromised' Unless Patched By Oct. 15

The maintainers of the Drupal content management system are warning users that any site owners who haven’t patched a critical vulnerability in Drupal Core disclosed earlier this month should consider their sites to be compromised. The vulnerability, which became public on Oct. 15, is a SQL...

AI score 1.3
Exploits: 0 | References: 3