Threat landscape for industrial automation systems. H2 2023

Global statistics across all threats In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased by 2.1 pp to 31.9%. Percentage of ICS computers on which malicious objects were blocked, by half year Selected industries In H2 2023, building...

Malicious code in custom-banner-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 34d3a0ada39e2fd82258a3fc7c24701af1389dc5d9de771dd18d930e9ccc2ad3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in action-and-block (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0df7d68df29c8d0451564e890d6a9e4e49ed0d52b81b51c81ab79c1bb6fabac3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in r101-css (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 04fdb7d31fd1d035cfcc20972fe3adcd5bf484b9a3427b495018e3ae9b9b62ac Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in edgenuity (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 15e4c93cf6c84b166ccde43c18dfbd4c3095f530bca0139dc5086f17c244adf2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in shereyas (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8f5f398c5ef44625d32c0624b33f4665f47dbc992685b29b9468219d43367040 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in rat-patrol (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 76425bdae39c104791dcaea76a06838a4ea7f3358370079dd8d2f40810f5b20d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in payatutest (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e666f5bddab515c8140e043a16a0947fdd59fcb62ec502650a89ddb5bb92aefb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in emilkylandertestnpmpackge (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fdd319ba7b8c79bd32d0502d11aaf6fe6a8689e11b814d211d891de83981fc6a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Number withdrawn

Net-SNMP is an open source Simple Network Management Protocol SNMP software. The software is used to monitor network devices, computer devices, UPS devices, and more. This CVE number has been withdrawn...

Apple Announces Post-Quantum Encryption Algorithms for iMessage

Apple announced PQ3, its post-quantum encryption standard based on the Kyber secure key-encapsulation protocol, one of the post-quantum algorithms selected by NIST in 2022. Theres a lot of detail in the Apple blog post, and more in Douglas Stabilas security analysis. I am of two minds about this...

Malicious code in disc-web-sender (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 12df226ff9607452aa9f412f4bbaffcae930e8586ee8348d0d9aa9d03238f050 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in djs-colors-v14 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9233b02141fe8633239a8516840d708db9cf60115d9fc546225dd9d16a64d190 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-1017 Malicious code in uber-rv-web-common-virtual-8d2dce4f55 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dbae8809f558786b2938d097fa3abc6d250af302ff70e680c5cbf865b32b6d75 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in ts-patch-mongose (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 51bc93e8c8d28afed9e08e35605df0343e47bb7e02ccd33e5f7cb1f56c7099ac Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2022-48220

Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities...

Improving the Cryptanalysis of Lattice-Based Public-Key Algorithms

The winner of the Best Paper Award at Crypto this year was a significant improvement to lattice-based cryptanalysis. This is important, because a bunch of NISTs post-quantum options base their security on lattice problems. I worry about standardizing on post-quantum algorithms too quickly. We are...

CVE-2023-25535

Dell SupportAssist for Home PCs Installer Executable file version prior to 3.13.2.19 used for initial installation has a high vulnerability that can result in local privilege escalation LPE. This vulnerability only affects first-time installations done prior to 8th March 2023...

Dell SupportAssist for Home PCs 安全漏洞

Dell SupportAssist for Home PCs is a client application for home computers from Dell USA. The program provides automated, proactive and predictive techniques for troubleshooting and more. An elevation of privilege vulnerability exists in versions prior to Dell SupportAssist for Home PCs 3.13.2.19...

Dell SupportAssist for Business PCs 安全漏洞

Dell SupportAssist for Business PCs is a client application for business computers from Dell USA. The program provides automated, proactive and predictive techniques for troubleshooting and more. A local authentication bypass vulnerability exists in Dell SupportAssist for Business PCs version...