Alert

CISA issued seven advisories about Industrial Control Systems (ICS) on June 27, 2024. These advisories aim to give prompt information about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-179-01 TELSAT marKoni FM Transmitter ICSA-24-179-02 SDG Technologies PnPSCADA ICSA-24-179-03 Yokogawa FAST/TOOLS and CI Server ICSA-24-179-04 Johnson Controls Illustra Essentials Gen …

CISA released two advisories about Industrial Control Systems (ICS) on June 25, 2024. The advisories contain important information about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-177-01 ABB Ability System 800xA: Successful exploitation of these vulnerabilities could cause services to crash and restart. ICSA-24-177-02 PTC Creo Elements/Direct License Server: …

On June 18, 2024, CISA released an advisory about Industrial Control Systems (ICS). These advisories give important information about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-170-01 RAD Data Communications SecFlow-2: Successful exploitation of this vulnerability could allow an attacker to obtain files from the operating system by crafting …

VMware has fixed critical security flaws in Cloud Foundation, vCenter Server, and vSphere ESXi. These flaws could be used for privilege escalation and remote code execution. Vulnerabilities include: CVE-2024-37079 & CVE-2024-37080 (CVSS scores: 9.8): Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol that could allow an unauthorized individual …

A threat actor has announced selling a 0day vulnerability for Dahua cameras. The bad actor claimed this vulnerability supposedly works with all versions of the device. The threat actor announced the vulnerability allowed unrestricted access and control of the camera and describing it as a Remote Code Execution (RCE) exploit. …

Asus has released a crucial firmware update to address a severe vulnerability that impacts seven of its business router model. Customers are urged to promptly review their firmware status and apply the necessary updates. The flaw CVE: 2024-3080 with a CVSS score of 9.8 is an authentication bypass vulnerability that …

Proofpoint found a fake website selling tickets for the Paris 2024 Summer Olympic Games. The website, “paris24tickets[.]com,” claimed to be a secondary marketplace for sports and live event tickets. It appeared as the second sponsored search result on Google, right after the official website, when searching for “Paris 2024 tickets” …

ASUS released a new firmware update to fix a vulnerability affecting seven router models, which could be exploited by remote attackers to log in to the devices. The vulnerability CVE-2024-3080 (CVSS v3.1 score: 9.8 “critical”) is an authentication bypass flaw. It enables remote attackers without authentication to control the device. …

NGINX team released important updates for their web server software and is advising users to upgrade as soon as possible. The updates fix four important vulnerabilities in the HTTP/3 implementation, especially affecting configurations using the “ngx_http_v3_module.” CVE-2024-32760: A vulnerability in NGINX Plus or NGINX OSS causes HTTP/3 QUIC module to …

CISA published an advisory on May 28, 2024, about Industrial Control Systems (ICS). They share important information about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-149-01 Campbell Scientific CSI Web Server: The Campbell Scientific CSI Web Server supports a command that will return the most recent file that matches …