VRChat says reported data breach never happened

A data breach notice has been filed with the Maine Attorney General, saying more than 2.4 million users of VRChat have had their data breached. The question is, was it VRChat who filed the breach notice, or did someone pretending to represent the company post it instead? On Reddit, a VRChat...

UK Rail Operator LNER Confirms Cyber Attack Exposing Passenger Data

LNER cyber attack exposes passenger contact details and journey data. No financial information or passwords were taken, but…...

PT-2024-10737 · Alecto +5 · Alecto Ivm-100 +6

Name of the Vulnerable Software and Affected Versions: Alecto IVM-100 2019-11-12 Tk-star nan affected versions not specified Svakom Nan affected versions not specified Alecto nan affected versions not specified Loven nan affected versions not specified Sannce products affected versions not...

CVE-2024-4106

A vulnerability has been found in FAST/TOOLS and CI Server. The affected products have built-in accounts with no passwords set. Therefore, if the product is operated without a password set by default, an attacker can break into the affected product. The affected products and versions are as...

CVE-2024-4106

A vulnerability has been found in FAST/TOOLS and CI Server. The affected products have built-in accounts with no passwords set. Therefore, if the product is operated without a password set by default, an attacker can break into the affected product. The affected products and versions are as...

CVE-2024-4106

A vulnerability has been found in FAST/TOOLS and CI Server. The affected products have built-in accounts with no passwords set. Therefore, if the product is operated without a password set by default, an attacker can break into the affected product. The affected products and versions are as...

CVE-2024-4106

Summary (CVE-2024-4106) Yokogawa FAST/TOOLS and CI Server are affected by an authentication issue due to built-in accounts with no passwords. Affected versions: FAST/TOOLS R9.01–R10.04 (Packages RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) and CI Server R1.01.00–R1.03.00. The CISA/ICS advisory details ...

Twitter Denies Hacking Claims, Assures Leaked User Data Not from its System

Twitter on Wednesday said that its investigation found "no evidence" that users' data sold online was obtained by exploiting any security vulnerabilities in its systems. "Based on information and intel analyzed to investigate the issue, there is no evidence that the data being sold online was...

Rapid7 Metasploit 安全漏洞

Rapid7 Metasploit is a suite of penetration testing software from the US-based Rapid7. A security vulnerability exists in Metasploit version 3.11.0.248350, which originates from a module that utilizes the Unified Remote Telecontrol Protocol to enter and deploy payloads.The telecontrol protocol ca...

CVE-2019-17112

An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed service allows a basic user "Operator" access level to access the configuration file of the mail server except for the password...

CVE-2017-3764

A vulnerability was identified in Lenovo XClarity Administrator LXCA before 1.4.0 where LXCA user account names may be exposed to unauthenticated users with access to the LXCA web user interface. No password information of the user accounts is exposed...

CVE-2000-0109

The CVE-2000-0109 entry corresponds to Standard & Poor’s ComStock MultiCSP Client Site Processor (MCSP) systems that ship with several accounts with no passwords or easily guessable defaults. Connected sources confirm this weakness on the MultiCSP implementation; Nessus notes default/blank passwo...