3 New Vulnerabilities Affect OT Products from German Companies Festo and CODESYS

Researchers have disclosed details of three new security vulnerabilities affecting operational technology (OT) products from CODESYS and Festo that could lead to source code tampering and denial-of-service (DoS). The vulnerabilities, reported by Forescout Vedere Labs, are the latest in a long list of flaws collectively tracked under the name OT:ICEFALL.…
Read more

Australia Passes Bill to Fine Companies up to $50 Million for Data Breaches

The Australian government has passed a bill that markedly increases the penalty for companies suffering from serious or repeated data breaches. To that end, the maximum fines have been bumped up from the current AU$2.22 million to AU$50 million, 30% of an entity’s adjusted turnover in the relevant period, or three times the value of any benefit obtained through the misuse of information, whichever is greater.…
Read more

Vulnerability Intelligence Roundup: Five lessons learned since Log4Shell

As the holiday season approaches, my family has a tradition of watching all of our favorite holiday movies—my favorite being Home Alone. It is the time for festive decorations, eggnog, and large heartwarming feasts with family and friends. Sadly, though, it is going to take a lot more than your aunt’s mystery casserole to ward off nefarious actors during the holiday season.…
Read more

French Electricity Provider Fined for Storing Users’ Passwords with Weak MD5 Algorithm

The French data protection watchdog on Tuesday fined electricity provider Électricité de France €600,000 for violating the European Union General Data Protection Regulation (GDPR) requirements. The Commission nationale de l’informatique et des libertés (CNIL) said the electric utility breached European regulation by storing the passwords for over 25,800 accounts by hashing them using the MD5 algorithm as recently as July 2022.…
Read more

This Malicious App Abused Hacked Devices to Create Fake Accounts on Multiple Platforms

A malicious Android SMS application discovered on the Google Play Store has been found to stealthily harvest text messages with the goal of creating accounts on a wide range of platforms like Facebook, Google, and WhatsApp. The app, named Symoo (com.vanjan.sms), had over 100,000 downloads and functioned as a relay for transmitting messages to a server, which advertises an account creation service.…
Read more

Researchers Find a Way Malicious NPM Libraries Can Evade Vulnerability Detection

New findings from cybersecurity firm JFrog show that malware targeting the npm ecosystem can evade security checks by taking advantage of an “unexpected behavior” in the npm command line interface (CLI) tool. npm CLI’s install and audit commands have built-in capabilities to check a package and all of its dependencies for known vulnerabilities, effectively acting as a warning mechanism for developers by highlighting the flaws.…
Read more

North Korea Hackers Using New “Dolphin” Backdoor to Spy on South Korean Targets

The North Korea-linked ScarCruft group has been attributed to a previously undocumented backdoor called Dolphin that the threat actor has used against targets located in its southern counterpart. “The backdoor […] has a wide range of spying capabilities, including monitoring drives and portable devices and exfiltrating files of interest, keylogging and taking screenshots, and stealing credentials from browsers,” ESET researcher Filip Jurčacko said in a new report published today.…
Read more

New Flaw in Acer Laptops Could Let Attackers Disable Secure Boot Protection

Acer has released a firmware update to address a security vulnerability that could be potentially weaponized to turn off UEFI Secure Boot on affected machines. Tracked as CVE-2022-4020, the high-severity vulnerability affects five different models that consist of Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G.…
Read more

Unique Visitors
» 1,603 Today
» 5,052 Yesterday
» 30,047 This Week
» 18,142 This Month
» 4,154,800 This Year
» 8,245,712 Total (since 2019-12-11)
» Record: 46,026 (2021-12-02)
Counter by DarkWeb.Solutions