CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2024-8603

Description:

1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: B&R
Equipment: Automation Runtime
Vulnerability: Use of a Broken or Risky Cryptographic Algorithm

2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to masquerade as legitimate services on impacted devices.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS
B&R reports that the following products are affected:
B&R Automation Runtime: versions prior to 6.1
B&R mapp View: versions prior to 6.1

3.2 VULNERABILITY OVERVIEW

3.2.1 USE OF A BROKEN OR RISKY CRYPTOGRAPHIC ALGORITHM CWE-327
A "Use of a Broken or Risky Cryptographic Algorithm" vulnerability in the SSL/TLS component used in B&R Automation Runtime versions <6.1 and B&R mapp View versions <6.1 may be abused by unauthenticated network-based attackers to masquerade as legitimate services on impacted devices.
CVE-2024-8603 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: Austria

3.4 RESEARCHER
ABB PSIRT reported this vulnerability to CISA.

4. MITIGATIONS
B&R has identified the following specific workarounds and mitigations users can apply to reduce risk:
All affected products: The problem is corrected in the following product versions: B&...

CVSS: HIGH (8.2)

EPSS Score: 0.04%

Source: All CISA Advisories
January 28th, 2025 (5 months ago)
Description: A Threat Actor Claims to be Selling Unauthorized VPN Access to an Electrical Manufacturing Organization in Taiwan
Source: DarkWebInformer
January 28th, 2025 (5 months ago)
Description: Cryptojacking may be stealthy, but its impact is anything but. From inflated cloud bills to sluggish performance, it's a threat that companies can't ignore. Learn more from Pentera about how automated security validation can protect your org from these threats. [...]
Source: BleepingComputer
January 28th, 2025 (5 months ago)
Description: Education software giant PowerSchool has started notifying individuals in the U.S. and Canada whose personal data was exposed in a late December 2024 cyberattack. [...]
Source: BleepingComputer
January 28th, 2025 (5 months ago)
Description: Discover key insights from Recorded Future's 2024 report on cyber threats, criminal networks, SaaS identity risks, and strategies for 2025 cybersecurity.
Source: RecordedFuture
January 28th, 2025 (5 months ago)
Source: TheRegister
January 28th, 2025 (5 months ago)
Description: Chinese AI model DeepSeek R1, hailed as a major breakthrough in reasoning capabilities, has been found to be highly vulnerable to security exploits, allowing it to generate harmful content, including malware, disinformation, and instructions for criminal activities. A recent investigation by cyber-intelligence firm KELA revealed that the model is particularly easy to jailbreak, posing a …
Source: CyberInsider
January 28th, 2025 (5 months ago)
Description: Quantum computing will bring new security risks. Both professionals and legislators need to use this time to prepare.
Source: Dark Reading
January 28th, 2025 (5 months ago)
Description: Cybersecurity researchers have disclosed details of a now-patched account takeover vulnerability affecting a popular online travel service for hotel and car rentals. "By exploiting this flaw, attackers can gain unauthorized access to any user’s account within the system, effectively allowing them to impersonate the victim and perform an array of actions on their behalf – including
Source: TheHackerNews
January 28th, 2025 (5 months ago)
Description: Microsoft has started testing a new "scareware blocker" feature for the Edge web browser on Windows PCs, which uses machine learning (ML) to detect tech support scams. [...]
Source: BleepingComputer
January 28th, 2025 (5 months ago)