View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Low attack complexity Vendor: goTenna Equipment: Pro series Vulnerabilities: Weak Password Requirements, Insecure Storage of Sensitive Information, Missing Support for Integrity Check, Cleartext Transmission of Sensitive Information,
Continue ReadingMonth: September 2024
Advantech ADAM-5550
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Low attack complexity Vendor: Advantech Equipment: ADAM-5550 Vulnerabilities: Weak Encoding for Password, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker
Continue ReadingCISA Releases Five Industrial Control Systems Advisories
CISA released five Industrial Control Systems (ICS) advisories on September 26, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. IICSA-24-270-01 Advantech ADAM-5550 ICSA-24-270-02 Advantech ADAM-5630 ICSA-24-270-03 Atelmo Atemio AM
Continue ReadingAtelmo Atemio AM 520 HD Full HD Satellite Receiver
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Atelmo Equipment: Atemio AM 520 HD Full HD Satellite Receiver Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation
Continue ReadingRhadamanthys Stealer Adds Innovative AI Feature in Version 0.7.0
SummaryRhadamanthys, an advanced information stealer first identified in 2022, has undergone rapid updates, with version 0.7.0 introducing AI-driven capabilities for extracting cryptocurrency seed phrases from images. This malware targets credentials, system information, and financial data, using
Continue ReadingASD’s ACSC, CISA, and US and International Partners Release Guidance on Detecting and Mitigating Active Directory Compromises
Today, the Australian Signals Directorate Australian Cyber Security Centre (ASD ACSC), the Cybersecurity and Infrastructure Security Agency (CISA), and other U.S. and international partners released the joint guide Detecting and Mitigating Active Directory Compromises. This guide
Continue ReadingISC Stormcast For Thursday, September 26th, 2024 https://isc.sans.edu/podcastdetail/9154, (Thu, Sep 26th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingOSINT – Image Analysis or More Where, When, and Metadata [Guest Diary], (Wed, Sep 25th)
[This is a Guest Diary by Thomas Spangler, an ISC intern as part of the SANS.edu BACS program] A picture is worth a thousand words, as the saying goes. Using open-source information and basic image analysis
Continue ReadingCISA Warns of Hurricane-Related Scams
As Hurricane Helene approaches, CISA urges users to remain on alert for potential malicious cyber activity. Fraudulent emails and social media messages—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling
Continue ReadingCitrix Releases Security Updates for XenServer and Citrix Hypervisor
Citrix released security updates to address multiple vulnerabilities in XenServer and Citrix Hypervisor. A cyber threat actor could exploit some of these vulnerabilities to cause a denial of service condition. CISA encourages users and administrators to
Continue Reading