Description: William discusses what happens when security is an afterthought rather than baked into processes and highlights the latest of Talos' security research.
February 20th, 2025 (5 months ago)
|
Description: Health Net Federal Services (HNFS) and its parent company, Centene Corporation, have agreed to pay $11,253,400 to settle allegations that HNFS falsely certified compliance with cybersecurity requirements under its Defense Health Agency (DHA) TRICARE contract. [...]
February 20th, 2025 (5 months ago)
|
Description: New Horizons Baking Company Has Fallen Victim to Cactus Ransomware
February 20th, 2025 (5 months ago)
|
Description: Dark Storm Team Targeted the Website of Bank of Central African States (BEAC)
February 20th, 2025 (5 months ago)
|
Description: The company, which owns IGN, CNET, PCMag, and dozens more outlets and properties, took down specific information about its diversity commitment on multiple pages on its website over the past several weeks.
February 20th, 2025 (5 months ago)
|
Description: The new Cloud Key Management Service is part of Google’s new roadmap for implementing the new NIST-based post-quantum cryptography (PQC) standards.
February 20th, 2025 (5 months ago)
|
Description: The Chinese state-sponsored Salt Typhoon hacking group uses a custom utility called JumbledPath to stealthily monitor network traffic and potentially capture sensitive data in cyberattacks on U.S. telecommunication providers. [...]
February 20th, 2025 (5 months ago)
|
CVE-2025-0352 |
Description:
1. EXECUTIVE SUMMARY
CVSS v4 8.7
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Rapid Response Monitoring
Equipment: My Security Account App
Vulnerability: Authorization Bypass Through User-Controlled Key
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to access sensitive information of other users.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Rapid Response Monitoring products are affected:
My Security Account App API: Versions prior to 7/29/24
3.2 VULNERABILITY OVERVIEW
3.2.1 Authorization Bypass Through User-Controlled Key CWE-639
Rapid Response Monitoring My Security Account App utilizes an API that could be exploited by an attacker to modify request data, potentially causing the API to return information about other users.
CVE-2025-0352 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
A CVSS v4 score has also been calculated for CVE-2025-0352. A base score of 8.7 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N).
3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Emergency Services
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: United States
3.4 RESEARCHER
kbots reported this vulnerability to CISA.
4. MITIGATIONS
Rapid Response Monitoring reports that this issue was patched on their end and no action is required ...
EPSS Score: 0.04%
February 20th, 2025 (5 months ago)
|