Category: Uncategorized

  • Rockwell Automation Arena Simulation

    1. EXECUTIVE SUMMARY: CVSS v3 7.8. ATTENTION: low attack complexity. Vendor: Rockwell Automation. Equipment: Arena Simulation Software. Vulnerabilities: Out-of-bounds Write, Heap-based Buffer Overflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Use After Free, Access of Uninitialized Pointer, Out-of-bounds Read. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could crash…

  • Automation-Direct C-MORE EA9 HMI

    1. EXECUTIVE SUMMARY: CVSS v3 7.5. ATTENTION: Exploitable remotely/low attack complexity. Vendor: AutomationDirect. Equipment: C-MORE EA9 HMI. Vulnerabilities: Path Traversal, Stack-Based Buffer Overflow, Plaintext Storage of a Password. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an attacker to exploit a remote device and inject malicious code on the panel. 3.…

  • CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate SQL Injection Vulnerabilities

    Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Secure by Design Alert, Eliminating SQL Injection Vulnerabilities in Software. This Alert was crafted in response to a recent, well-publicized exploitation of SQL injection (SQLi) defects in a managed file transfer application that impacted thousands of organizations. Additionally, the Alert highlights the prevalence…

  • CISA Adds Three Known Exploited Vulnerabilities to Catalog

    CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2023-48788 Fortinet FortiClient EMS SQL Injection Vulnerability; CVE-2021-44529 Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability; CVE-2019-7256 Nice Linear eMerge E3-Series OS Command Injection Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber…

  • Apple Released Security Updates for Safari and macOS

    Apple released security updates to address a vulnerability (CVE-2024-1580) in Safari and macOS. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary updates: Safari 17.4.1, macOS Sonoma 14.4.1, macOS Ventura 13.6.6.

  • CISA Marks Important Milestone in Addressing Cyber Incidents; Seeks Input on CIRCIA Notice of Proposed Rulemaking


  • Navigating the Threat Landscape through Breach & Attack Simulation

    A comparative analysis of two of the leading BAS platforms. Abstract: In an era where cyber threats evolve with alarming speed and complexity, organizations are increasingly reliant on proactive cybersecurity measures. Breach and Attack Simulation (BAS) platforms, such as Cymulate and Picus Security, have emerged as pivotal tools in enabling organizations to validate their security…

  • Analyzing Incident Artifacts in Support of Forensic Identification

    “Time isn’t the main thing, it’s the only thing” (Miles Davis). Author: Pablo Canseco. Abstract: The practice of investigating artifacts of interest during a cyber incident can seem overwhelming. A starting point to an incident can be an alert, a suspicious log, a misplaced or misspelled process, anomalous network activity, or what is commonly referred…

  • The Potential of Deception Technologies

    “All warfare is based on deception” (Sun Tzu). Author: Pablo Canseco. Abstract: Sun Tzu wrote: “All warfare is based on deception.” This adage is finding maturity in a digital age where a family of security controls must be reinforced with a diversity of other cyber defenses such as deception technologies. In 2018, the need to “defend…

  • The 2024 U.S. Election Interference

    Through the lens of the 2016 U.S. election Russian meddling. Author: Pablo Canseco. Foreword: Looking forward to the elections around the world in 2024, more specific and urgent is the outlook of another attempt by foreign actors to interfere in the U.S. elections. This time, however, and unlike in 2016, those foreign actors are…