CVE-2023-25392
Allegro Tech BigFlow 1.6 is vulnerable to Missing SSL Certificate Validation...
PT-2023-20043 · Allegro Tech · Allegro Tech Bigflow
Name of the Vulnerable Software and Affected Versions: Allegro Tech BigFlow versions prior to 1.6.0. Description: The issue is related to Missing SSL Certificate Validation. This means that the software may not properly verify the identity of the server it is connecting to, potentially allowing fo...
CVE-2023-25392
CVE-2023-25392 affects Allegro Tech BigFlow before 1.6.0. The issue is a lack of SSL certificate validation in BigFlow, enabling potential interception of traffic and exposure of confidential information (CVSS 3.1: Confidentiality High; Vector Network; Complexity High; Privileges None). Several c...
I-TECH TrainSmart SQL Injection Vulnerability
I-TECH TrainSmart is an open source web-based training data collection system from I-TECH. A security vulnerability exists in I-TECH TrainSmart version r1044 that stems from the presence of a SQL injection vulnerability...
A Tiny Blog Took on Big Surveillance in China—and Won
Digging through manuals for security cameras, a group of gearheads found sinister details and ignited a new battle in the US-China tech war...
A Serial Tech Investment Scammer Takes Up Coding?
John Clifton Davies, a 60-year-old con man from the United Kingdom who fled the country in 2015 before being sentenced to 12 years in prison for fraud, has enjoyed a successful life abroad swindling technology startups by pretending to be a billionaire investor. Davies' newest invention appears to...
Threat Source newsletter (March 30, 2023) — It’s impossible to tell if your home security camera or doorbell is truly safe
Welcome to this week's edition of the Threat Source newsletter. Everyone loves a good video of someone slipping on their icy steps in the winter, captured thanks to their home security camera or smart doorbell. But what about when that camera is just kind of chilling out and not catching the momen...
accounting.chrisreedtech.com Cross Site Scripting vulnerability OBB-3241407
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Fighting mercenaries with the Cybersecurity Tech Accord
Trend Micro co-Authors Cyber Mercenary Principles to help guide the technology industry and others in dealing with the growing market of cyber mercenaries...
2023 Cybersecurity Maturity Report Reveals Organizational Unpreparedness for Cyberattacks
In 2022 alone, global cyberattacks increased by 38%, resulting in substantial business loss, including financial and reputational damage. Meanwhile, corporate security budgets have risen significantly because of the growing sophistication of attacks and the number of cybersecurity solutions...
Senator Warner on the Restrict Act and a US TikTok Ban
WIRED spoke with the coauthor of the Restrict Act, a bipartisan bill to crack down on tech from six “hostile” countries...
Large-scale Cyber Attack Hijacks East Asian Websites for Adult Content Redirects
A widespread malicious cyber operation has hijacked thousands of websites aimed at East Asian audiences to redirect visitors to adult-themed content since early September 2022. The ongoing campaign entails injecting malicious JavaScript code to the hacked websites, often connecting to the target...
emi-tech.de Cross Site Scripting vulnerability OBB-3216376
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Normalizing Women in Tech with Intentionality
Vice President Simone Stewart kicks off our Akamai “Women In Tech” blog series and discusses how intentionality can cultivate a more inclusive environment...
The state of stalkerware in 2022
Main findings of 2022: The State of Stalkerware is an annual report by Kaspersky which contributes to a better understanding of how many people in the world are affected by digital stalking. Stalkerware is a commercially available software that can be discretel...
The Sketchy Plan to Build a Russian Android Phone
Amid isolating sanctions, a Russian tech giant plans to launch new Android phones and tablets. But experts are skeptical the company can pull it off...
Design/Logic Flaw
Improper Neutralization of Input During Web Page Generation vulnerability in Yordam Information Technologies Library Automation System allows Stored XSS. This issue affects Library Automation System: before 19.2...
Login Details of Tech Giants Leaked in Two Data Center Hacks
By Waqas. Threat actors have hacked two data centers in Asia and accessed login credentials of top technology giants, including Apple, Uber, Microsoft, Samsung, Alibaba, etc., and leaked them on a hacker forum. This is a post from HackRead.com. Read the original post: Login Details of Tech Giants...
Weak Password Vulnerability in CGW9000 of Shanghai Huanchuang Communication Technology Co.
Shanghai Huanchuang Communication Technology Co., Ltd. is a high-tech enterprise focusing on the research and development of wireless communication products for private network with the core of wireless communication technology, providing solutions for private network in rail transportation, fire...
CVE-2023-0882
Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron Tech Single Connect on Windows allows Privilege Abuse. This issue affects Single Connect: 2.16...