-
Elber Communications Equipment
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Elber Equipment: Communications Equipment Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Hidden Functionality 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker unauthorized administrative access to the affected device. 3. TECHNICAL DETAILS 3.1…
-
Schneider Electric Web Designer for Modicon
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: Web Designer for Modicon Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could result in information disclosure, workstation integrity and potential remote code execution on the compromised computer. 3. TECHNICAL DETAILS…
-
Lazarus Group Targets Organizations with Sophisticated LinkedIn Recruiting Scam
Bitdefender Labs warns of an active campaign by the North Korea-linked Lazarus Group, targeting organizations by capturing credentials and delivering malware through fake LinkedIn job offers. LinkedIn may be a vital tool for job seekers and professionals, but it has also become a playground for cybercriminals exploiting its credibility. From fake job offers and elaborate…
-
Rockwell Automation FactoryTalk AssetCentre
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk AssetCentre Vulnerabilities: Inadequate Encryption Strength, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to extract passwords, access, credentials, or impersonate other users. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following…
-
Free secure desktop email client for Linux, Windows and macOS
The Tuta desktop email client for Linux, Windows, and macOS is an amazing tools that offers many benefits compared to accessing Tuta Mail and Tuta Calendar via web browser. Check here how our end-to-end encrypted, open source desktop clients for Linux, Windows and macOS make your experience with Tuta even more secure, and how the…
-
New Outlook’s security issues: Businesses should avoid switching!
Microsoft’s “new Outlook” (introduced in 2022) has been promoted as an upgrade, but its implementation introduces severe data protection concerns – so severe that it’s fair to say it’s a downgrade rather than an upgrade. Regardless, Microsoft increasingly pushes personal and business Outlook users to switch to the new Outlook. But IT admins should be…
-
On Generative AI Security
Microsoft’s AI Red Team just published “Lessons from Red Teaming 100 Generative AI Products.” Their blog post lists “three takeaways,” but the eight lessons in the report itself are more useful: Understand what the system can do and where it is applied. You don’t have to compute gradients to break an AI system. AI red…
-
AIs and Robots Should Sound Robotic
Most people know that robots no longer sound like tinny trash cans. They sound like Siri, Alexa, and Gemini. They sound like the voices in labyrinthine customer support phone trees. And even those robot voices are being made obsolete by new AI-generated voices that can mimic every vocal nuance and tic of human speech, down…
-
Journalists and Civil Society Members Using WhatsApp Targeted by Paragon Spyware
This is yet another story of commercial spyware being used against journalists and civil society members. The journalists and other civil society members were being alerted of a possible breach of their devices, with WhatsApp telling the Guardian it had “high confidence” that the 90 users in question had been targeted and “possibly compromised.” It…
-
Deepfakes and the 2024 US Election
Interesting analysis: We analyzed every instance of AI use in elections collected by the WIRED AI Elections Project (source for our analysis), which tracked known uses of AI for creating political content during elections taking place in 2024 worldwide. In each case, we identified what AI was used for and estimated the cost of creating…