CVE-2025-23384

A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.2.1, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.2.1, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.2.1, SCALANCE M812-1 ADSL-Router family All versions V8.2.1, SCALANCE M816...

CVE-2024-30191

A vulnerability has been identified in SCALANCE W1748-1 M12 6GK5748-1GY01-0AA0, SCALANCE W1748-1 M12 6GK5748-1GY01-0TA0, SCALANCE W1788-1 M12 6GK5788-1GY01-0AA0, SCALANCE W1788-2 EEC M12 6GK5788-2GY01-0TA0, SCALANCE W1788-2 M12 6GK5788-2GY01-0AA0, SCALANCE W1788-2IA M12 6GK5788-2HY01-0AA0, SCALAN...

Vulnerabilities fixed in Moxa's cellular routers and network security devices

Moxa has fixed vulnerabilities in Moxa's cellular routers and network security devices Specifically, CVE-2024-9138 and CVE-2024-9140. Vulnerability CVE-2024-9138 involves hard-coded credentials that allow authenticated users to escalate their privileges, ultimately leading to root access. This...

Keycloak allows anyone to register new security device or key for any user by using WebAuthn password-less login flow

A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow...

All the Data Amazon's Ring Cameras Collect About You

The popular security devices are tracking and sharing more than you might think...

Vulnerability Spotlight: Vulnerabilities in metal detector peripheral could allow attackers to manipulate security devices

Matt Wiseman of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in a device from Garrett Metal Detectors that could allow remote attackers to bypass authentication requirements, manipulate metal detector... This is only t...

Apache Log4j Message Lookup Substitution RCE (Log4Shell) (Direct Check)

Binary data apachelog4jjdnildapgeneric.nbin...

DDoS attacks in Q3 2021

News overview Q3 2021 brought two new DDoS attack vectors, potentially posing a serious threat, including for major web resources. A team of researchers from the University of Maryland and the University of Colorado Boulder found a way to spoof the victims IP address over TCP. To date,...

CVE-2021-3632

A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow...

CVE-2021-22320

There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages correctly. Attackers can exploit this vulnerability by sending malicious messages to an affected module. This can lead to denial of service. Affected product include some versions of IPS...

Cisco Security Manager Path Traversal Vulnerability

Cisco Security Manager CSM is a suite of enterprise-level management applications from Cisco that are used to configure firewall, VPN, and intrusion protection security services on Cisco network and security devices. A path traversal vulnerability exists in Cisco Security Manager 4.21 and earlier...

CVE-2019-15992

A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating...

Boost Your Personal Security With These Killer 2019 Black Friday and Cyber Monday Deals

If you're like most consumers, you're probably looking forward to the upcoming Black Friday and Cyber Monday sale events. Who wouldn't want to get all sorts of products and services at massive discounts? But while most consumers are typically eyeing personal gadgets and entertainment appliances,...

Phish Uses Google's URL Decoding to Swim Past Defenses

A phishing campaign that takes advantage of Google’s ability to decode non-ASCII URL data on the fly is making the rounds – looking to fool the unsavvy by effectively hiding the website address of the campaign’s phishing page. The campaign makes use of what’s called percentage-based URL encoding ...

Fighting Fire with Fire: API Automation Risks

Akamai research shows that 83 percent of all traffic on the web today are API calls JSON / XML. In many cases this fast growth can be attributed to the adoption and popularity of mobile devices and the mobile app ecosystem, as well as the abuse by threat actors using bots to automate their manual...

CVE-2017-17154

IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, V500R001C00SPC300, V500R001C00SPC500, V500R001C00SPH303, V500R001C00SPH508, V500R001C20, V500R001C20SPC100, V500R001C20SPC100PWE, V500R001C20SPC200, V500R001C20SPC200B062, V500R001C20SPC200PWE, V500R001C20SPC300B078, V500R001C20SPC300PWE,...

Multiple Huawei products IKEv2 protocol out-of-bounds writing vulnerability

Huawei IPS Module, NGFW Module, NIP6300/6600 series products and Secospace USG series are the new generation of professional intrusion prevention and firewall products launched by Huawei for enterprise, IDC, campus network and carrier customers. An out-of-bounds write vulnerability exists in the...

The Myth of the self tuning / machine learning Web Application Firewall

There's an old adage that if something seems too good to be true, it probably is. If you're like me, you can apply this to your own experiences. For example, about 5 years ago a small chain of gyms that exclusively used vibrating exercise machines popped up near my home. Their gym goers would sta...

SQL Servers SQL Injection Obfuscation Techniques (CVE-2014-9239; CVE-2020-10546; CVE-2020-10547; CVE-2020-10548; CVE-2020-10549)

Attackers may use SQL injection techniques in order to execute SQL commands on SQL servers. To avoid detection by security devices, such attackers might use various obfuscation techniques to conceal their actions. Successful exploitation could allow an attacker to disclose confidential informatio...

JVN#12991684: ManageEngine Firewall Analyzer fails to restrict access permissions

ManageEngine Firewall Analyzer provided by Zoho Corporation is a log analytics and configuration management software for network security devices. ManageEngine Firewall Analyzer contains a vulnerability where access permissions are not restricted. Impact An attacker may be able to obtain server...