This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric SCADAPack Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Monthly Archives: April 2022
ZDI-22-583: Schneider Electric SCADAPack Workbench isasln File Parsing XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric SCADAPack Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-547: (0Day) (Pwn2Own) Samsung Galaxy S21 Exposed Dangerous Method Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to execute arbitrary code on affected installations of Samsung Galaxy S21 phones. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Post Title
A vulnerability has been discovered in Google Chrome that could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data.
What is a botnet? When infected devices attack
Botnet definition
A botnet is a collection of internet-connected devices that an attacker has compromised to carry out DDoS attacks and other tasks as a swarm. The idea is that each computer becomes a mindless robot in a larger network of identical robots, which gives the word botnet its meaning.
“Malware infects an unsuspecting, legitimate computer, which communicates back to the botnet operator that the infected computer is now ready to follow orders blindly,” explains Nasser Fattah, North America Steering Committee Chair at Shared Assessments. “All of this is happening unbeknownst to the owner of the computer. The goal is to grow the size of the botnet, which collectively can automate and expedite large attacks.”
CVE-2020-28062
An Access Control vulnerability exists in HisiPHP 2.0.11 via special packets that are constructed in $files = Dir::getList($decompath. ‘/ Upload/Plugins /, which could let a remote malicious user execute arbitrary code.
Jail Releases 300 Suspects Due to Computer “Glitch”
Outage caused by system update disrupts processing of defendants in Texas county
Fortinet tightens integration of enterprise security, networking controls
Fortinet adds new security, SD-WAN, branch, and zero-trust capabilities to FortiOS software.
Cadbury Warns of Easter Egg Scam
Cyber-criminals target sweet-toothed consumers with fake Easter Egg hunt scam
The Russian cyberattack threat might force a new IT stance
With the threat of Russian cyberattacks still with us, companies need to be on a war footing when it comes to security.