Guardio Labs found that attackers exploited a configuration setting in Proofpoint’s email protection service, allowing outbound messages to bypass email protections
HealthEquity Breach Hits 4.3 Million Customers
Health savings specialist HealthEquity reveals over four million customers were impacted in a recent breach
Israeli athletes doxed at Olympic Games by Zeus hacking group
On Friday posts were published on the internet containing what appeared to be the personal information of Israeli Olympic athletes.
Read more in my article on the Hot for Security blog.
ZDI-24-1024: NI VeriStand ProjectServer Exposed Dangerous Method Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of NI VeriStand. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-6805.
ZDI-24-1025: NI VeriStand IFileTransferServer Exposed Dangerous Method Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of NI VeriStand. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-6805.
ZDI-24-1026: NI VeriStand ProjectServer Exposed Dangerous Method Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI VeriStand. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-6806.
ZDI-24-1027: NI VeriStand ProjectServer OpenTool Exposed Dangerous Method Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI VeriStand. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-6806.
ZDI-24-1028: NI VeriStand WaveformStreamingServer Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI VeriStand. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-6794.
ZDI-24-1029: NI VeriStand DataLoggingServer Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI VeriStand. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-6793.
ZDI-24-1030: NI VeriStand VSMODEL File Parsing Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI VeriStand. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-6791.