CVE-2023-0954 Debug feature in Sensormatic Electronics Illustra Dome and PTZ cameras
A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and PTZ cameras allows a user to compromise credentials after a long period of sustained attack...
PT-2023-16639 · Sensormatic Electronics · Sensormatic Electronics Illustra Pro Gen 4 Dome/Ptz Cameras
Name of the Vulnerable Software and Affected Versions: Sensormatic Electronics Illustra Pro Gen 4 Dome and PTZ cameras (affected versions not specified). Description: A debug feature in the cameras allows a user to compromise credentials after a long period of sustained attack. Recommendations: At t...
When Partial Protection is Zero Protection: The MFA Blind Spots No One Talks About
Multi-factor Authentication (MFA) has long since become a standard security practice. With a wide consensus on its ability to fend off more than 99% of account takeover attacks, it's no wonder that security architects regard it as a must-have in their environments. However, what seems to be le...
Schneider Electric EcoStruxure Cybersecurity Admin Expert Trust Management Issue Vulnerability
Schneider Electric EcoStruxure Cybersecurity Admin Expert (CAE) is a cybersecurity administration expert from Schneider Electric France. Versions of Schneider Electric EcoStruxure Cybersecurity Admin Expert (CAE) prior to version 2.2 have a trust management issue...
CVE-2022-30312
The Trend Controls IC protocol through 2022-05-06 allows Cleartext Transmission of Sensitive Information. According to FSCT-2022-0050, there is a Trend Controls Inter-Controller (IC) protocol cleartext transmission of credentials issue. The affected components are characterized as: Inter-Controller...
Malicious code in @highspot/closure-loader (npm)
Source: ghsa-malware (beb6d824b67d53a5bf5bddee8756a88d6bc20bdd981f4ab69a357a67ee742de0). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Dell EMC PowerStore Authorization Issue Vulnerability
Dell PowerStore all-flash data storage appliances use a data-centric, highly adaptable and intelligent infrastructure to deliver AppsON capabilities that enable the transformation of traditional and modern workloads. Dell PowerStore is vulnerable to an authorization issue that could be exploited b...
CVE-2022-23724
Ping Identity PingID Integration for Windows Login (PingID Windows PingId) is affected by a flaw where static encryption key material enables forging an authentication token to other users within a tenant. This can allow MFA bypass by redirecting an authentication flow to a target user, and explo...
PT-2022-16229 · Ping Identity · Pingid Integration For Windows Login
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves the use of static encryption key material, which allows for the forging of an authentication token to other users within a tenant...
CVE-2021-34870
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR XR1000 1.0.0.521.0.38 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SOAP messages. The issue resul...
Microsoft Warns of Widespread Phishing Attacks Using Open Redirects
Microsoft is warning of a widespread credential phishing campaign that leverages open redirector links in email communications as a vector to trick users into visiting malicious websites while effectively bypassing security software. "Attackers combine these links with social engineering baits th...
Widespread credential phishing campaign abuses open redirector links
Microsoft has been actively tracking a widespread credential phishing campaign using open redirector links. Attackers combine these links with social engineering baits that impersonate well-known productivity tools and services to lure users into clicking. Doing so leads to a series of...
CVE-2021-30168
The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant administrator’s credential and further control the devices...
Design/Logic Flaw
The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant user’s credential...
Design/Logic Flaw
This vulnerability allows remote attackers to disclose sensitive information on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. When...
Protecting your remote workforce from application-based attacks like consent phishing
The global pandemic has dramatically shifted how people work. As a result, organizations around the world have scaled up cloud services to support collaboration and productivity from home. We’re also seeing more apps leverage Microsoft’s identity platform to ensure seamless access and integrated...
Ransomware at IT Services Provider Synoptek
Synoptek, a California business that provides cloud hosting and IT management services to more than a thousand customers nationwide, suffered a ransomware attack this week that has disrupted operations for many of its clients, according to sources. The company has reportedly paid a ransom demand ...
NetApp AFF A700s Baseboard Management Controller Trust Management Issues Vulnerability
The NetApp AFF A700s Baseboard Management Controller (BMC) is a baseboard management controller for the AFF A700s Compact AFF Storage Controllers from NetApp, USA. A trust management issue vulnerability exists in the NetApp AFF A700s BMC with firmware version 1.22 and later. The vulnerability stems...
PT-2019-3002
Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS versions 5.4.6 through 5.4.12; Fortinet FortiOS versions 5.6.3 through 5.6.7; Fortinet FortiOS versions 6.0.0 through 6.0.4; FortiProxy versions 1.0.0 through 1.0.7; FortiProxy versions 1.1.0 through 1.1.6; FortiProxy versions 1.2....
Siemens LOGO!8 BM Trust Management Issue Vulnerability
The Siemens LOGO!8 BM is a programmable logic controller from Siemens, Germany. A vulnerability in Siemens LOGO!8 BM all versions exists due to a trust management issue. The vulnerability stems from the lack of an effective trust management mechanism in a networked system or product. An attacker...