Juniper Networks released a security bulletin to address a vulnerability in Junos OS: SRX Series. A cyber threat actor could exploit this vulnerability to cause a denial-of-service condition. Users and administrators are encouraged to review the
Continue ReadingAuthor: Anowar Hossain Rana
Johnson Controls Kantech Door Controllers
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 3.1 ATTENTION: Exploitable via adjacent network Vendor: Johnson Controls, Inc. Equipment: Kantech KT1, KT2, KT400 Door Controllers Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION
Continue ReadingICONICS and Mitsubishi Electric Products
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.0 ATTENTION: Exploitable remotely Vendor: ICONICS, Mitsubishi Electric Equipment: ICONICS Product Suite Vulnerabilities: Allocation of Resources Without Limits or Throttling, Improper Neutralization, Uncontrolled Search Path Element, Improper Authentication, Unsafe
Continue ReadingCISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-20399 Cisco NX-OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and
Continue ReadingCISA Releases Seven Industrial Control Systems Advisories
CISA released seven Industrial Control Systems (ICS) advisories on July 2, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-184-01 Johnson Controls Kantech Door Controllers ICSA-24-184-02 mySCADA myPRO ICSA-24-184-03
Continue ReadingmySCADA myPRO
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: mySCADA Equipment: myPRO Vulnerability: Use of Hard-coded Password 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to remotely
Continue ReadingPeople’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action
Overview Background This advisory, authored by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the United States Cybersecurity and Infrastructure Security Agency (CISA), the United States National Security Agency (NSA), the United States Federal
Continue ReadingCISA and Partners join ASD’S ACSC to Release Advisory on PRC State-Sponsored Group, APT 40
CISA has collaborated with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) to release an advisory, People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action outlining a PRC state-sponsored cyber
Continue Reading