Lucene search
K

226 matches found

Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.25 views

Rockwell Automation 1794-AENT Flex I/O Series B Buffer Copy Without Checking Size of Input (CVE-2020-6083)

An exploitable denial of service vulnerability exists in the ENIP Request Path Port Segment functionality of Allen- Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious...

7.5CVSS7.2AI score0.03496EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.14 views

Schneider Electric Web Server on Modicon M340 Out-of-Bounds Write (CVE-2020-7563)

A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules see notification for details which could cause corruption of data, a crash, or code execution when uploading a specially crafted...

8.8CVSS8.3AI score0.01073EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.23 views

Schneider Electric Modicon Controllers Use of Insufficiently Random Values (CVE-2019-6821)

CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum. This plugin only works...

6.5CVSS6.5AI score0.0193EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.21 views

Schneider Electric Web Server on Modicon M340 Out-of-Bounds Read (CVE-2020-7562)

A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules see notification for details which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file ...

8.1CVSS8.1AI score0.00884EPSS
Exploits0References3
NCSC
NCSC
added 2022/01/05 12:0 a.m.4 views

Rootkit found in HPE iLO environments

Security researchers at AmnPardaz have published an investigation published about a rootkit found in HPE iLO systems. The malware, called "iLOBleed," was used, among other things, to to wipe a system's hard drives. Because the iLO subsystem has exceptionally high privileges, compromising it means...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2021/11/30 1:11 p.m.28 views

Critical Wormable Security Flaw Found in Several HP Printer Models

Cybersecurity researchers on Tuesday disclosed eight-year-old security flaws affecting 150 different multifunction printers MFPs from HP Inc that could be potentially abused by an adversary to take control of vulnerable devices, pilfer sensitive information, and infiltrate enterprise networks to...

9.8CVSS8.3AI score0.12135EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/11/26 1:20 p.m.49 views

Hackers Targeting Biomanufacturing Facilities With Tardigrade Malware

An advanced persistent threat APT has been linked to cyberattacks on two biomanufacturing companies that occurred this year with the help of a custom malware loader called "Tardigrade." That's according to an advisory published by Bioeconomy Information Sharing and Analysis Center BIO-ISAC this...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/11/17 3:44 p.m.276 views

U.S., U.K. and Australia Warn of Iranian Hackers Exploiting Microsoft, Fortinet Flaws

Cybersecurity agencies from Australia, the U.K., and the U.S. on Wednesday released a joint advisory warning of active exploitation of Fortinet and Microsoft Exchange ProxyShell vulnerabilities by Iranian state-sponsored actors to gain initial access to vulnerable systems for follow-on activities...

10CVSS9.3AI score0.99999EPSS
Exploits39
ThreatPost
ThreatPost
added 2021/11/12 8:24 p.m.25 views

Top 10 Cybersecurity Best Practices to Combat Ransomware

If you’re like most IT professionals, the threat of a ransomware attack might keep you up at night. And you have a valid reason to worry — ransomware doesn’t discriminate. Organizations across every industry, public or private, are potential victims, if they haven’t been victims already. In fact,...

7.3AI score
Exploits0References7
ThreatPost
ThreatPost
added 2021/11/11 8:32 p.m.34 views

Invest in These 3 Key Security Technologies to Fight Ransomware

A recent survey by Fortinet revealed that two-thirds of organizations had been the target of at least one ransomware attack – and 85 percent are more concerned about a ransomware attack than any other form of cyberattack. And, the evolving threat landscape is cited as one of the top challenges in...

7.4AI score
Exploits0References4
Malwarebytes
Malwarebytes
added 2021/10/19 4:33 p.m.24 views

Protect yourself from BlackMatter ransomware: Advice issued

Despite promises made by the BlackMatter ransomware gang about which organizations and business types they would avoid, multiple US critical infrastructure entities have been targeted. Now, the Federal Bureau of Investigation FBI, in conjunction with the Cybersecurity and Infrastructure Security...

7.3AI score
Exploits0
ThreatPost
ThreatPost
added 2021/10/19 1:21 p.m.43 views

Feds Warn BlackMatter Ransomware Gang is Poised to Strike

Federal authorities are warning businesses to shore up cybersecurity defenses as it carefully monitors the reemergence of the DarkSide ransomware gang, believed responsible for the crippling Colonial Pipeline attack in May 2021. The ransomware-as-a-service gang has regrouped under the moniker...

7.6AI score
Exploits0References7
ICS
ICS
added 2021/10/18 12:0 p.m.35 views

BlackMatter Ransomware

Summary Actions You Can Take Now to Protect Against BlackMatter Ransomware • Implement and enforce backup and restoration policies and procedures. • Usestrong, unique passwords. • Usemulti-factor authentication. • Implement network segmentation and traversal monitoring. Note: this advisory uses t...

9.7AI score
Exploits0References56
The Hacker News
The Hacker News
added 2021/10/15 2:10 p.m.17 views

CISA Issues Warning On Cyber Threats Targeting Water and Wastewater Systems

The U.S. Cybersecurity Infrastructure and Security Agency CISA on Thursday warned of continued ransomware attacks aimed at disrupting water and wastewater facilities WWS, highlighting five incidents that occurred between March 2019 and August 2021. "This activity—which includes attempts to...

1.7AI score
Exploits0
CISA
CISA
added 2021/09/22 12:0 a.m.72 views

CISA, FBI, and NSA Release Joint Cybersecurity Advisory on Conti Ransomware 

CISA, the Federal Bureau of Investigation FBI, and the National Security Agency NSA have released a joint Cybersecurity Advisory CSA alerting organizations of increased Conti ransomware attacks. Malicious cyber actors use Conti ransomware to steal sensitive files from domestic and international...

6.7AI score
Exploits0References3
The Hacker News
The Hacker News
added 2021/08/18 3:5 p.m.107 views

BadAlloc Flaw Affects BlackBerry QNX Used in Millions of Cars and Medical Devices

A major vulnerability affecting older versions of BlackBerry's QNX Real-Time Operating System RTOS could allow malicious actors to cripple and gain control of a variety of products, including cars, medical, and industrial equipment. The shortcoming CVE-2021-22156, CVSS score: 9.0 is part of a...

9.8CVSS1.3AI score0.018EPSS
Exploits0
ICS
ICS
added 2021/07/21 12:0 p.m.28 views

Chinese Gas Pipeline Intrusion Campaign, 2011 to 2013

Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. Note: CISA released technical information, including indicators of compromise IOCs,...

9.5AI score
Exploits0References38
ICS
ICS
added 2021/07/08 12:0 p.m.52 views

DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks

Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency CISA and the Federal Bureau of...

9.4AI score
Exploits0References84
ICS
ICS
added 2021/06/08 12:0 a.m.30 views

Schneider Electric Modicon X80

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon X80 Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability may result in...

5.3CVSS5.8AI score0.00925EPSS
Exploits0References5
Akamai Blog
Akamai Blog
added 2021/06/03 5:57 p.m.10 views

How Network Segmentation Simplifies PCI DSS Compliance

Read more about how proper network segmentation can simplify PCI DSS compliance by effectively reducing the number of assets in scope...

3.2AI score
Exploits0
Rows per page
Query Builder