Vulnerabilities Archives - Page 11 of 85

EV Charging Infrastructure Offers an Electric Cyberattack Opportunity

Issued by: Dark Reading

As electric vehicle (EV) charging infrastructure rushes to keep pace with the dramatic rise in sales of electric vehicles in the United States, cyberattackers and security researchers alike have already started focusing on security weaknesses in the infrastructure. In February, researchers with energy-network cybersecurity firm Saiflow discovered two vulnerabilities in the Open Charge Point Protocol…

Vulnerabilities

Hacked home computer of engineer led to second LastPass data breach

Issued by: CSO Online

Password management company LastPass, which was hit by two data breaches last year, has revealed that data exfiltrated during the first intrusion, discovered in August, was used to target the personal home computer of one of its devops engineers and launch a second successful cyberatttack, detected in November. The threat actor involved in the breaches…

Vulnerabilities

Security Defects in TPM 2.0 Spec Raise Alarm

Issued by: Security Week

The vulnerabilities, tracked as CVE-2023-1017 and CVE-2023-1018, provide pathways for an authenticated, local attacker to overwrite protected data in the TPM firmware and launch code execution attacks, according to an advisory from Carnegie Mellon’s CERT coordination center. From the CERT alert: “An authenticated, local attacker could send maliciously crafted commands to a vulnerable TPM allowing…

Vulnerabilities

Companies urged to patch critical vulnerability in Fortinet FortiNAC

Issued by: CSO Online

Proof-of-concept exploit code is now available for a critical vulnerability in Fortinet FortiNAC appliances and attackers have already started using it in the wild. Users are advised to patch their systems as soon as possible. FortiNAC is a zero-trust network access solution that can be deployed both as a hardware device or as a virtual…

Vulnerabilities

PoC exploit code for critical Fortinet FortiNAC bug released online

Issued by: Security Affairs

Researchers at Horizon3 cybersecurity firm have released a proof-of-concept exploit for a critical-severity vulnerability, tracked as CVE-2022-39952, in Fortinet’s FortiNAC network access control solution. Last week, Fortinet has released security updates to address two critical vulnerabilities in FortiNAC and FortiWeb solutions. The two vulnerabilities, tracked as CVE-2022-39952 and CVE-2021-42756, are respectively an external control of…

Vulnerabilities

Microsoft Patch Tuesday: 36 RCE bugs, 3 zero-days, 75 CVEs

Issued by: Naked Security

Deciphering Microsoft’s official Update Guide web pages is not for the faint-hearted. Most of the information you need, if not everything you’d really like to know, is there, but there’s such a dizzing number of ways to view it, and so many generated-on-the-fly pages are needed to display it, that it can be tricky to…

Vulnerabilities

Hackers Create Malicious Dota 2 Game Modes to Secretly Access Players’ Systems

Issued by: The Hacker News

An unknown threat actor created malicious game modes for the Dota 2 multiplayer online battle arena (MOBA) video game that could have been exploited to establish backdoor access to players’ systems. The modes exploited a high-severity flaw in the V8 JavaScript engine tracked as CVE-2021-38003 (CVSS score: 8.8), which was exploited as a zero-day and…

Vulnerabilities

Trickbot Members Sanctioned for Pandemic-Era Ransomware Hits

Issued by: Dark Reading

The US and the UK have issued joint sanctions against alleged members of the TrickBot cybercrime gang for their role in cyberattacks against critical infrastructure. Trickbot, as a malware, began life as a lowly banking Trojan before its authors started adding modules for other forms of malicious activity. It thus evolved into a multifaceted cyber-Swiss…

Vulnerabilities

How Cybercriminals Are Operationalizing Money Laundering and What to Do About It

Issued by: Dark Reading

It’s almost impossible to pinpoint the amount of money that’s laundered globally, but conservative estimates put it at anywhere from $800 million to $2 trillion, according to the United Nations’ Office on Drug and Crimes — and that’s likely just the tip of the iceberg. It’s a crime that, in turn, fuels some of the…

Vulnerabilities

Is Your EV Charging Station Safe? New Security Vulnerabilities Uncovered

Issued by: The Hacker News

Two new security weaknesses discovered in several electric vehicle (EV) charging systems could be exploited to remotely shut down charging stations and even expose them to data and energy theft. The findings, which come from Israel-based SaiFlow, once again demonstrate the potential risks facing the EV charging infrastructure. The issues have been identified in version…