A vulnerability has been identified in SIMOTION C240 (All versions >= V5.4 < V5.5 SP1), SIMOTION C240 PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D425-2 DP (All ...
CVSS 4.6 | AI Score 4.6 | EPSS 0.0005
A vulnerability has been identified in SIMOTION C240 (All versions >= V5.4 < V5.5 SP1), SIMOTION C240 PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D425-2 DP (All ...
CVSS 4.6 | AI Score 5 | EPSS 0.0005
Detect and Prioritize Identity-Related Cloud Risk with InsightCloudSec
In modern cloud environments, roles and permissions are assigned not just to human users, but to machines, resources and services, as well. The massive scale of cloud environments leads to teams potentially managing millions of distinct identities. As a result, security teams often struggle to...
AI Score 6.6
sc-player.marw.net Cross Site Scripting vulnerability OBB-3389398
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.1
sc-aotu.com Cross Site Scripting vulnerability OBB-3384583
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.1
sc.527you.com Cross Site Scripting vulnerability OBB-3384567
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.1
Financial services company OneMain fined $4.25 million for security lapses
A series of security errors and mishaps has cost personal loan provider OneMain $4.25m in penalties, issued by the New York State department of financial services. The fines, coming at the end of a detailed investigation into how security practices at the company were determined to be below-par,...
AI Score 6.6
Nidhogg - All-In-One Simple To Use Rootkit For Red Teams
Nidhogg is a multi-functional rootkit for red teams. The goal of Nidhogg is to provide an all-in-one and easy-to-use rootkit with multiple helpful functionalities for red team engagements that can be integrated with your C2 framework via a single header file with simple usage; you can see an...
AI Score 7.3
sc-aotu.com Cross Site Scripting vulnerability OBB-3368432
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.1
sc.527you.com Cross Site Scripting vulnerability OBB-3368390
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.1
sc-bein.com Cross Site Scripting vulnerability OBB-3368361
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.1
Filmora 12 (Build 1.0.0.7) - Unquoted Service Paths Privilege Escalation Vulnerability
...
CVSS 7.8 | AI Score 7.1 | EPSS 0.001
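Added example for the unquoted-service-path entry above (the advisory's own details are elided on this page, so this is not its text or its exploit): the resolution rule that makes the bug class exploitable, written in C so the logic runs anywhere. When a service's ImagePath is unquoted and contains spaces, the service control manager starts it through CreateProcess, which tries each space-delimited prefix of the command line (appending .exe when the prefix has no extension) before it reaches the real binary. The function below takes an ImagePath string and lists the files that would be tried first. All paths are constructed samples, not Filmora's.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_CANDIDATES 16
#define PATH_LEN 260

typedef struct {
    int count;
    char path[MAX_CANDIDATES][PATH_LEN];
} candidates_t;

/* True when the first n bytes of s end in ".exe" (case-insensitive): that
 * prefix is the service's real binary, so resolution stops there. */
static int ends_with_exe(const char *s, size_t n) {
    if (n < 4) return 0;
    const char *t = s + n - 4;
    return t[0] == '.' && tolower((unsigned char)t[1]) == 'e' &&
           tolower((unsigned char)t[2]) == 'x' && tolower((unsigned char)t[3]) == 'e';
}

/* True when the last path component of the first n bytes of s contains a
 * '.'; CreateProcess appends ".exe" only to names without an extension. */
static int last_component_has_ext(const char *s, size_t n) {
    while (n > 0 && s[n - 1] != '\\') {
        if (s[n - 1] == '.') return 1;
        n--;
    }
    return 0;
}

/* List the files Windows would try before the intended binary. Returns zero
 * candidates when the ImagePath is quoted or has no space ahead of the
 * executable name, i.e. when this bug class does not apply. */
candidates_t unquoted_path_candidates(const char *image_path) {
    candidates_t c;
    c.count = 0;
    if (image_path == NULL || image_path[0] == '"') return c;
    size_t len = strlen(image_path);
    for (size_t i = 0; i < len && c.count < MAX_CANDIDATES; i++) {
        if (image_path[i] != ' ') continue;
        if (ends_with_exe(image_path, i)) break;   /* real binary found first */
        if (i + 5 > PATH_LEN) break;                /* room for ".exe" + NUL */
        memcpy(c.path[c.count], image_path, i);
        c.path[c.count][i] = '\0';
        if (!last_component_has_ext(image_path, i))
            memcpy(c.path[c.count] + i, ".exe", 5);
        c.count++;
    }
    return c;
}

int candidate_count(const char *image_path) {
    return unquoted_path_candidates(image_path).count;
}

int candidate_matches(const char *image_path, int idx, const char *expected) {
    candidates_t c = unquoted_path_candidates(image_path);
    return idx >= 0 && idx < c.count && strcmp(c.path[idx], expected) == 0;
}

int main(void) {
    /* Constructed ImagePath values; not taken from any real product. */
    const char *samples[] = {
        "C:\\Program Files\\Example Vendor\\Example Service\\svc.exe",
        "\"C:\\Program Files\\Example Vendor\\Example Service\\svc.exe\"",
        "C:\\Program Files\\Example Vendor\\svc.exe -run",
    };
    for (size_t s = 0; s < sizeof samples / sizeof samples[0]; s++) {
        candidates_t c = unquoted_path_candidates(samples[s]);
        printf("%s\n", samples[s]);
        if (c.count == 0) printf("  not affected\n");
        for (int i = 0; i < c.count; i++) printf("  tries first: %s\n", c.path[i]);
    }
    return 0;
}
```

A candidate only matters if a low-privileged user can create a file at that location (check the directory ACL with icacls) and the service runs as a higher-privileged account and can be restarted or survives a reboot. The fix on the vendor side is to quote the ImagePath; on the defender side, the same prefix walk run over the output of `sc qc` or the Services registry keys is the audit.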
Google Map Shortcode <= 3.1.2 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as...
CVSS 5.4 | AI Score 8.5 | EPSS 0.001
Google Map Shortcode <= 3.1.2 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. PoC Note: The...
CVSS 5.4 | AI Score 8.3 | EPSS 0.001
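Added example for the two Google Map Shortcode entries above. This is not the plugin's PHP; it is a self-contained C rendering of the same bug and fix: a shortcode attribute (a hypothetical width attribute here) interpolated raw into markup lets a contributor close the attribute and add an event handler, while the hardened path validates the value against an allowlist and escapes it on output, covering the same character set WordPress's esc_attr() handles. The payload and markup are constructed samples.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed attacker-controlled shortcode attribute value: it closes the
 * style attribute and smuggles in an event handler. */
#define PAYLOAD "100px\" onmouseover=\"alert(1)"

/* Escape the characters that can break out of a double- or single-quoted
 * HTML attribute (the set WordPress's esc_attr() handles). Returns the
 * number of bytes written, or -1 if out is too small. */
int html_escape_attr(const char *in, char *out, size_t outlen) {
    size_t o = 0;
    for (; *in != '\0'; in++) {
        const char *rep = NULL;
        switch (*in) {
            case '&':  rep = "&amp;";  break;
            case '<':  rep = "&lt;";   break;
            case '>':  rep = "&gt;";   break;
            case '"':  rep = "&quot;"; break;
            case '\'': rep = "&#039;"; break;
            default:   break;
        }
        size_t need = rep ? strlen(rep) : 1;
        if (o + need + 1 > outlen) return -1;
        if (rep) memcpy(out + o, rep, need); else out[o] = *in;
        o += need;
    }
    out[o] = '\0';
    return (int)o;
}

/* Allowlist: digits optionally followed by "px" or "%". Anything else,
 * including the payload above, is rejected before it reaches the markup. */
int is_css_length(const char *v) {
    size_t n = strlen(v), i = 0;
    if (n == 0 || n > 8) return 0;
    while (i < n && isdigit((unsigned char)v[i])) i++;
    if (i == 0) return 0;
    return v[i] == '\0' || strcmp(v + i, "px") == 0 || strcmp(v + i, "%") == 0;
}

static char rendered[512];

/* Vulnerable: the shortcode attribute is interpolated into the page as-is. */
const char *render_map_vulnerable(const char *width) {
    snprintf(rendered, sizeof rendered,
             "<div class=\"gmap\" style=\"width:%s\"></div>", width);
    return rendered;
}

/* Hardened: validate against the allowlist, then escape on output. Escaping
 * is kept even though the allowlist already excludes quotes, so a later
 * relaxation of the allowlist cannot silently reopen the injection. */
const char *render_map_safe(const char *width) {
    char esc[128];
    if (!is_css_length(width)) width = "400px";   /* assumed default value */
    if (html_escape_attr(width, esc, sizeof esc) < 0) esc[0] = '\0';
    snprintf(rendered, sizeof rendered,
             "<div class=\"gmap\" style=\"width:%s\"></div>", esc);
    return rendered;
}

/* A well-formed element here has exactly four double quotes; more means the
 * attribute value broke out of its delimiters. */
int count_quotes(const char *html) {
    int n = 0;
    for (; *html != '\0'; html++) if (*html == '"') n++;
    return n;
}

int escape_matches(const char *in, const char *expected) {
    char buf[256];
    return html_escape_attr(in, buf, sizeof buf) >= 0 && strcmp(buf, expected) == 0;
}

int main(void) {
    printf("vulnerable: %s\n", render_map_vulnerable(PAYLOAD));
    printf("hardened:   %s\n", render_map_safe(PAYLOAD));
    printf("hardened, legitimate value: %s\n", render_map_safe("640px"));
    return 0;
}
```

The stored part of the attack is that the shortcode sits in a saved post, so the handler fires for whoever views or previews it, including an administrator; that is why a contributor-level bug earns the priority it gets here.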
Meet the GoldenJackal APT group. Don’t expect any howls
GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. Despite the fact that they began their activities years ago, this group is generally unknown and, as far as we know, has not been publicly described. We...
AI Score 8.1
Unleash Spring apps in a flex environment with Azure Spring Apps Consumption and Dedicated plans
In March, we introduced the Consumption pricing plan for Azure Spring Apps allowing you to start from zero and scale to zero vCPU. Today, we are thrilled to announce the public preview of the Standard Dedicated plan! The Standard Dedicated plan provides a fully managed, dedicated environment for...
AI Score 6.8
Introducing: ‘Saved Filters’ in InsightCloudSec
Last year, when we launched Layered Context in InsightCloudSec, we knew we had something great on our hands. Not just because we provided a single view for cloud security practitioners to see their full cloud risk posture (though, if we do say so ourselves, that’s pretty sweet). No, we knew we had....
AI Score 6.7
#StopRansomware: BianLian Ransomware Group
Summary Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics,.....
CVSS 5.5 | AI Score 8.2 | EPSS 0.467
Cisco Talos recently discovered a new ransomware actor called RA Group that has been operating since at least April 22, 2023. The actor is swiftly expanding its operations. To date, the group has compromised three organizations in the U.S. and one in South Korea across several business verticals,.....
AI Score 6.8
sc-siegelbach.de Cross Site Scripting vulnerability OBB-3335192
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.1
Win32k Elevation of Privilege Vulnerability
Recent assessments: gwillcox-r7 at May 31, 2023 9:15pm UTC reported: Doing a patch diff between a Windows 10 1607 x86 version of win32kfull.sys prior to the patch and after the patch shows that only one function changed: xxxEnableMenuItem. Looking at...
CVSS 7.8 | AI Score 8.5 | EPSS 0.001
Threat Source newsletter (May 4, 2023) — Recapping the biggest headlines to come out of RSA
Welcome to this week's edition of the Threat Source newsletter. I didn't attend the RSA Conference in person, and on top of that, I was at the NFL Draft while the conference was going on. I'm behind on the biggest talks, panels and presentations that came out during the annual security conference,....
AI Score 6.9
Threat Source newsletter (April 27, 2023) — New Cisco Secure offerings and extra security from Duo
Welcome to this week's edition of the Threat Source newsletter. I'm writing this earlier in the week as I get ready for some personal travel (everyone is lucky I passed on writing another Cybersecurity Mock Draft), so apologies if I miss anything major that happens at RSA. But Cisco beat everyone.....
CVSS 9.8 | AI Score 10.3 | EPSS 0.97
New InsightCloudSec Compliance Pack: Implementing and Enforcing ISO 27001:2022
James Alaniz and Diamond Fair contributed to this article. We’ve been on quite a roll lately releasing new compliance packs, along with iterative updates to others that we’ve supported for a while now. We’re not done yet, either! In this article, we’ll discuss our newly released compliance pack...
AI Score 6.6
Charming Kitten's New BellaCiao Malware Discovered in Multi-Country Attacks
The prolific Iranian nation-state group known as Charming Kitten is actively targeting multiple victims in the U.S., Europe, the Middle East and India with a novel malware dubbed BellaCiao, adding to its ever-expanding list of custom tools. Discovered by Bitdefender Labs, BellaCiao is a...
AI Score 7.1
Siemens Multiple RTOS Integer Overflow or Wraparound (CVE-2020-28895)
In Wind River VxWorks, the memory allocator has a possible integer overflow when calculating the size of the memory block to be allocated by calloc(). As a result, the memory actually allocated is smaller than the buffer size implied by the arguments, leading to memory corruption. SCALANCE X-200, X-200IRT, and X-300....
AI Score 8.8 | EPSS 0.001
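Added example for the CVE-2020-28895 entry above; this is not VxWorks code, but the size arithmetic the description refers to, shown in its unchecked and checked forms. A calloc()-style allocator computes nmemb * size; if the product wraps past SIZE_MAX, the allocator reserves a tiny block while the caller believes it owns nmemb elements of size bytes each, and the first write past the real block corrupts the heap. The request value in main() is constructed so the product wraps to 4 on any word size.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked product, as a vulnerable allocator would compute it. */
size_t vulnerable_calloc_size(size_t nmemb, size_t size) {
    return nmemb * size;              /* wraps silently on overflow */
}

/* Checked product: returns 1 and stores the byte count in *out, or returns 0
 * and stores 0 when nmemb * size would exceed SIZE_MAX. The division form
 * needs no compiler builtins, so it ports to embedded toolchains. */
int safe_calloc_size(size_t nmemb, size_t size, size_t *out) {
    if (nmemb != 0 && size > SIZE_MAX / nmemb) {
        *out = 0;
        return 0;
    }
    *out = nmemb * size;
    return 1;
}

/* Convenience wrapper: the checked byte count, or 0 if it would overflow. */
size_t checked_total(size_t nmemb, size_t size) {
    size_t total;
    return safe_calloc_size(nmemb, size, &total) ? total : 0;
}

/* calloc() replacement that refuses overflowing requests instead of
 * returning an undersized block. */
void *safe_calloc(size_t nmemb, size_t size) {
    size_t total;
    if (!safe_calloc_size(nmemb, size, &total)) return NULL;
    void *p = malloc(total);          /* malloc(0) may legitimately return NULL */
    if (p != NULL) memset(p, 0, total);
    return p;
}

int main(void) {
    /* Constructed request: (SIZE_MAX/4 + 2) * 4 == (SIZE_MAX + 1) + 4, which
     * wraps to 4 whether size_t is 32 or 64 bits wide. */
    size_t nmemb = SIZE_MAX / 4 + 2, size = 4;
    printf("unchecked: %zu elements of %zu bytes -> %zu bytes reserved\n",
           nmemb, size, vulnerable_calloc_size(nmemb, size));
    void *bad = safe_calloc(nmemb, size);
    printf("checked:   %s\n", bad ? "allocated" : "refused (overflow)");
    void *ok = safe_calloc(16, 64);
    printf("sane request (16 x 64): %s\n", ok ? "allocated 1024 bytes" : "failed");
    free(ok);
    return 0;
}
```

The same check belongs in any code that multiplies an attacker-influenced element count by an element size before allocating, not only in calloc() itself; on a network-facing RTOS, the count often comes straight from a protocol field.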