View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: FLXEON Controllers Vulnerabilities: Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’), Missing Origin Validation in WebSockets, Insertion of…
Category: EN
Medixant RadiAnt DICOM Viewer
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.7 ATTENTION: Low attack complexity Vendor: Medixant Equipment: RadiAnt DICOM Viewer Vulnerability: Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a machine-in-the-middle attack (MITM),…
ABB ASPECT-Enterprise, NEXUS, and MATRIX Series
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: ASPECT-Enterprise, NEXUS, and MATRIX series Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain…
IBM OpenPages Vulnerability Let Attackers Steal Authentication Credentials
IBM has addressed multiple high-severity vulnerabilities in its OpenPages Governance, Risk, and Compliance (GRC) platform that could enable attackers to hijack user sessions, steal authentication credentials, and manipulate critical enterprise data. The flaws affect versions 8.3 and 9.0 of the…
Rhadamanthys Infostealer Exploiting Microsoft Management Console to Execute Malicious Script
Researchers uncovered an ongoing campaign distributing the Rhadamanthys Infostealer through malicious Microsoft Management Console (MMC) files (.MSC), leveraging both a patched DLL vulnerability and legitimate MMC functionalities to execute scripts and deploy malware. This advanced attack vector highlights evolving techniques…
Free SOC Webinar – Better SOC with Interactive Malware Sandbox, Practical Use Cases 2025
If you work in a Security Operations Center (SOC), you know the struggle all too well: hundreds of alerts flood in daily, each demanding attention. Some are false positives, others are routine, but buried among them are real threats that…
Mining Company NioCorp Loses $500,000 in BEC Hack
NioCorp Developments has informed the SEC that it lost $0.5 million after its systems were compromised. The post Mining Company NioCorp Loses $500,000 in BEC Hack appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
TRAI Enforces Stricter Regulations to Combat Telemarketing Spam Calls
There has been a significant shift in the Telecom Regulatory Authority of India (TRAI)’s efforts to curb spam calls and unsolicited commercial communications (UCC) as part of its effort to improve consumer protection, as TRAI has introduced stringent regulations.…
Hackers Leak 8,500 Files from Lexipol, Exposing U.S. Police Training Manuals
An anonymous hacker group called the “puppygirl hacker polycule” recently made headlines by leaking over 8,500 files from Lexipol, a private company that provides training materials and policy manuals for police departments across the United States. As first reported…
Android Latest Security Feature Protects Users from Cyber Scams
Google is developing a new security feature for Android that prevents users from updating sensitive settings while a phone call is in process. The in-call anti-scammer measures include prohibiting users from enabling settings to install apps from unidentified sources…
Microsoft is named a Leader in the 2025 Gartner® Magic Quadrant™ for cyber-physical systems protection platforms
We are excited to announce that Gartner has named Microsoft a Leader in the 2024 Gartner® Magic Quadrant™ for Cyber Physical Systems Protection Platforms. Gartner defines Cyber-physical systems (CPS) as “engineered systems that orchestrate sensing, computation, control, networking and analytics” that connect the…
Cybersecurity jobs available right now in the USA: February 20, 2025
Compliance & Privacy Specialist McKesson | Remote – View job details As a Compliance & Privacy Specialist, you will identify potential gaps, establish and maintain policies and procedures to guide the business in complying with regulatory requirements, create and deliver…
Malicious Ads Target Freelance Developers via GitHub
Fake job ads target freelance developers, spreading malware via GitHub This article has been indexed from www.infosecurity-magazine.com Read the original article: Malicious Ads Target Freelance Developers via GitHub
Zero Day on Netflix explains well about the repercussions of a Cyber Attack
“Zero Day,” a gripping political thriller streaming on Netflix, delves into the far-reaching consequences of a devastating cyber attack. Premiering on February 20, 2025, this six-episode series weaves a complex tale of conspiracy, intrigue, and the dangerous intersections of technology…
Can’t quit Windows 10? You can pay Microsoft for updates after October, or try these alternatives
Businesses can expect to pay a premium for Windows 10 Extended Security Updates. Educators will fare better. And for the first time, consumers can sign up. You also have free options, but they’re risky. This article has been indexed from…
California privacy regulator seeks to fine Florida data broker after huge breach of Social Security numbers
The California agency said National Public Data failed to register in the state as a data broker. © 2024 TechCrunch. All rights reserved. For personal use only. This article has been indexed from Security News | TechCrunch Read the original…
NailaoLocker ransomware targets EU healthcare-related entities
NailaoLocker ransomware is a new threat that targeted European healthcare organizations from June to October 2024. Orange Cyberdefense CERT uncovered a malware campaign, tracked as The Green Nailao campaign, that targeted European organizations, including healthcare, in late 2024, using ShadowPad,…
Google Docs used by infostealer ACRStealer as part of attack
An infostealer known as ACRStealer is using legitimate platforms like Google Docs and Steam as part of an attack. This article has been indexed from Malwarebytes Read the original article: Google Docs used by infostealer ACRStealer as part of attack
Microsoft is named a Leader in the 2025 Gartner® Magic Quadrant™ for cyber-physical systems protection platforms
We are excited to announce that Gartner has named Microsoft a Leader in the 2024 Gartner® Magic Quadrant™ for Cyber Physical Systems Protection Platforms. Gartner defines Cyber-physical systems (CPS) as “engineered systems that orchestrate sensing, computation, control, networking and analytics” that connect the…
Wordfence Intelligence Weekly WordPress Vulnerability Report (February 10, 2025 to February 16 2025)
📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find…