253 matches found
Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks
The threat actor known as Storm-0501 has targeted government, manufacturing, transportation, and law enforcement sectors in the U.S. to stage ransomware attacks. The multi-stage attack campaign is designed to compromise hybrid cloud environments and perform lateral movement from on-premises to...
Smart home security advice. Ring, SimpliSafe, Swann, and Yale
Introduction This guide covers the security of smart home security products from Ring, Yale, Swann, and SimpliSafe. Whether you're looking to monitor your property remotely, enhance your home's security, or see who’s at the front door, this guide will provide you with valuable insights. We have...
ManageEngine OpManager RCE (CVE-2024-5466)
Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported versio...
CVE-2024-5466
Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option...
CVE-2024-5466
Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option...
CVE-2024-5466 Remote Code Execution
Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option...
ZOHO ManageEngine OpManager RMM 安全漏洞
ZOHO ManageEngine OpManager RMM is a remote monitoring and management software from ZOHO, Inc. A security vulnerability exists in ZOHO ManageEngine OpManager RMM version 128329 and prior versions, which stems from a remote code execution contained in the deployment agent option...
The Power and Peril of RMM Tools
As more people work remotely, IT departments must manage devices distributed over different cities and countries relying on VPNs and remote monitoring and management RMM tools for system administration. However, like any new technology, RMM tools can also be used maliciously. Threat actors can...
Iranian Hackers Deploy New BugSleep Backdoor in Middle East Cyber Attacks
The Iranian nation-state actor known as MuddyWater has been observed using a never-before-seen backdoor as part of a recent attack campaign, shifting away from its well-known tactic of deploying legitimate remote monitoring and management RMM software for maintaining persistent access. That's...
Fuji Electric Tellus Lite V-Simulator Buffer Overflow Vulnerability
Fuji Electric Tellus Lite V-Simulator is a remote monitoring software for industrial environments from Fuji Electric Japan. A buffer overflow vulnerability exists in Fuji Electric Tellus Lite V-Simulator, which stems from an out-of-bounds write vulnerability that can be exploited by an attacker t...
Fuji Electric Tellus Lite V-Simulator Buffer Overflow Vulnerability (CNVD-2025-13543)
Fuji Electric Tellus Lite V-Simulator is a remote monitoring software for industrial environments from Fuji Electric Japan. Fuji Electric Tellus Lite V-Simulator suffers from a buffer overflow vulnerability that originates from a boundary error when the application processes untrusted input. An...
Fuji Electric Tellus Lite V-Simulator 缓冲区错误漏洞
Fuji Electric Tellus Lite V-Simulator is a remote monitoring software for industrial environments from Fuji Electric Japan. A buffer overflow vulnerability exists in Fuji Electric Tellus Lite V-Simulator, which stems from an out-of-bounds write vulnerability that can be exploited by an attacker t...
Schneider Electric SAGE RTUs Path Traversal Vulnerability
The Schneider Electric SAGE RTUs is a high-performance device for industrial automation and remote monitoring from Schneider Electric France. A path traversal vulnerability exists in the Schneider Electric SAGE RTUs, which originates from allowing an authenticated user to access the device's web...
Seiko Solutions SkyBridge MB-A100/MB-A110 and SkyBridge BASIC MB-A130 vulnerable to OS command injection
Overview SkyBridge MB-A100/MB-A110 and SkyBridge BASIC MB-A130 provided by Seiko Solutions Inc. contain a command injection vulnerability CWE-77. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact If the remote monitoring and...
CVE-2024-32850
Improper neutralization of special elements used in a command 'Command Injection' exists in SkyBridge MB-A100/MB-A110 firmware Ver. 4.2.2 and earlier and SkyBridge BASIC MB-A130 firmware Ver. 1.5.5 and earlier. If the remote monitoring and control function is enabled on the product, an attacker...
CVE-2024-32850
Improper neutralization of special elements used in a command 'Command Injection' exists in SkyBridge MB-A100/MB-A110 firmware Ver. 4.2.2 and earlier and SkyBridge BASIC MB-A130 firmware Ver. 1.5.5 and earlier. If the remote monitoring and control function is enabled on the product, an attacker...
CVE-2024-32850
Improper neutralization of special elements used in a command 'Command Injection' exists in SkyBridge MB-A100/MB-A110 firmware Ver. 4.2.2 and earlier and SkyBridge BASIC MB-A130 firmware Ver. 1.5.5 and earlier. If the remote monitoring and control function is enabled on the product, an attacker...
CVE-2024-32850
CVE-2024-32850 affects SkyBridge MB-A100/MB-A110 (firmware 4.2.2 and earlier) and SkyBridge BASIC MB-A130 (firmware 1.5.5 and earlier) due to improper neutralization of special elements in a command (CWE-77). If remote monitoring/control is enabled, an attacker with access may execute arbitrary c...
PT-2024-24913 · Unknown · Skybridge Basic Mb-A130 +1
Name of the Vulnerable Software and Affected Versions: SkyBridge MB-A100/MB-A110 versions 4.2.2 and earlier SkyBridge BASIC MB-A130 versions 1.5.5 and earlier Description: The issue is related to improper neutralization of special elements used in a command, also known as 'Command Injection'. Thi...
Cybercriminals Exploiting Microsoft's Quick Assist Feature in Ransomware Attacks
The Microsoft Threat Intelligence team said it has observed a threat actor it tracks under the name Storm-1811 abusing the client management tool Quick Assist to target users in social engineering attacks. "Storm-1811 is a financially motivated cybercriminal group known to deploy Black Basta...