Security News
Researchers have discovered over two dozen vulnerabilities in "Smart" cordless nutrunners manufactured by Bosch Rexroth that could be exploited to make the devices inoperable or their output unreliable. The device supports a number of communication protocols that are used to integrate it with SCADA systems, PLCs, or other production devices.
A security flaw has been disclosed in Kyocera’s Device Manager product that could be exploited by bad actors to carry out malicious activities on affected systems. "This vulnerability allows...
Web Application Security consists of a myriad of security controls that ensure that a web application: Functions as expected. Cannot be exploited to operate out of bounds. Cannot initiate...
Multiple security vulnerabilities have been discovered in the open-source Netgate pfSense firewall solution called pfSense that could be chained by an attacker to execute arbitrary commands on...
Tools like Specops Password Auditor are beneficial as they enable scanning and detection of weak passwords within AD, including those found in breached password lists. A third-party password solution that can enforce longer passwords, and block the use of high-probability passwords, is the best approach.
Google is highlighting the role played by Clang sanitizers in hardening the security of the cellular baseband in the Android operating system and preventing specific kinds of vulnerabilities. This...
Widespread Windows and Linux Vulnerabilities Could Let Attackers Sneak in Malicious Code Before Boot
Widespread Windows and Linux Vulnerabilities Could Let Attackers Sneak in Malicious Code Before Boot Lenovo, AMI and Insyde have released patches for LogoFAIL, an image library poisoning attack. Researchers at firmware supply chain security platform company Binarly discovered a set of security vulnerabilities that open almost all Windows and Linux computers up to attack.
Humans are complex beings with consciousness, emotions, and the capacity to act based on thoughts. In the ever-evolving realm of cybersecurity, humans consistently remain primary targets for...
Atlassian has released security updates for four critical vulnerabilities in its various offerings that could be exploited to execute arbitrary code. CVE-2022-1471 is a deserialization flaw in the SnakeYAML library for Java that can lead to remote code execution.
Forescout detailed the discovery of 21 new vulnerabilities in OT/IoT routers and open-source software elements. The "SIERRA:21 - Living on the Edge" report features research into Sierra Wireless AirLink cellular routers and some open-source components, such as TinyXML and OpenNDS. Sierra Wireless routers are popular - an open database of Wi-Fi networks shows 245,000 networks worldwide running Sierra Wireless for various applications.