vulnerabilities

Vulnerabilities

Issued by: Security Week

Meant to provide significantly reduced power consumption and costs at communication ranges similar to those provided by Bluetooth, BLE is used for a broad range of applications in sectors such as automotive, healthcare, security, home entertainment, and more. BLE proximity authentication is typically to unlock or keep unlocked products such as cars, smart locks, access…

Vulnerabilities

Issued by: Security Week

The flaw, tracked as CVE-2022-30525, affects ATP, VPN and USG FLEX series firewalls. The vulnerability can be exploited by a remote, unauthenticated attacker for arbitrary code execution as the “nobody” user. The affected products are recommended for businesses and they provide VPN, SSL inspection, intrusion protection, web filtering and email security capabilities. The Shodan search…

Malware & Threats

Issued by: Security Week

Also referred to as APT35, Magic Hound, NewsBeef, Newscaster, Phosphorus, and TA453, the advanced persistent threat (APT) actor is known for the targeting of activists, government organizations, journalists, and various other entities. In November 2021, a joint advisory from government agencies in the US, UK, and Australia warned of Iranian state-sponsored attacks targeting critical infrastructure…

Vulnerabilities

Issued by: Security Week

Siemens has released 12 advisories covering 35 vulnerabilities. Based on CVSS scores, the most important advisory covers 11 flaws affecting the web server of SICAM P850 and P855 devices. One of these bugs is critical and it allows an unauthenticated attacker to execute arbitrary code or launch a denial-of-service (DoS) attack. The five high-severity vulnerabilities…

Vulnerabilities

Issued by: Security Week

Tracked as CVE-20220-29972, the security hole was identified in the third-party Open Database Connectivity (ODBC) data connector used in Integration Runtime (IR) in the affected Azure services to connect to Amazon Redshift. A remote attacker could have exploited the flaw to execute arbitrary commands across the IR infrastructure, impacting multiple tenants, the tech giant explains….

Malware & Threats

Issued by: Security Week

AGCO designs, makes, and distributes agricultural machinery and precision technology, offering equipment under brands such as Challenger, Fendt, Massey Ferguson, and Valtra. On Friday, the company announced that it fell victim to a ransomware attack that impacted some production facilities. AGCO says it has launched an investigation into the incident and estimates that it might…

Vulnerabilities

Issued by: Security Week

The vulnerabilities were disclosed at the Zero Day Initiative’s Pwn2Own Austin contest in November 2021, where participants earned more than $1 million for hacking routers, printers, smart spears, smartphones and network-attached storage (NAS) devices. The NAS exploits at Pwn2Own targeted WD devices, and they earned participants roughly $500,000. It turns out that at least half…