Aggregator

The ARIA Cybersecurity team had a hugely productive week in Anaheim, California at the recent 2024 Rockwell Automation Fair. The event was a fantastic opportunity to make connections with companies from across different industries. They all shared one objective: to discover innovative new ways to protect their industrial operations from the dangerous new wave of sophisticated cyberattacks.

The post How Should OT Companies Measure Cyber Risk? | ARIA Cybersecurity appeared first on Security Boulevard.

木马“卷王”再度升级传播手段，360全方位遏制银狐变种

anonmoose Claims to Have Leaked the Data of The House Name Plate Company Ltd

888 is Claiming to Sell the Data of Young Living Essential Oils

Public WIFIs are not as dangerous as ppl portray them (correct me if I'm wrong)

what kind of stories work well where you don't reveal the outcome, where the other person must imagine how it ends themselves?

A vulnerability was found in Liferay Portal and DXP. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to password hash with insufficient computational effort. This vulnerability is handled as CVE-2024-25607. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic was found in Linux Kernel up to 5.4.117/5.10.35/5.11.19/5.12/5.12.2. Affected by this vulnerability is the function in_nmi of the component gic-v3. The manipulation leads to denial of service. This vulnerability is known as CVE-2021-46961. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.4.117/5.10.35/5.11.19/5.12/5.12.2. Affected by this issue is the function tmio_mmc_host_free of the component uniphier-sd. The manipulation leads to resource consumption. This vulnerability is handled as CVE-2021-46962. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.12.2. It has been declared as problematic. Affected by this vulnerability is the function qla2xxx_mqueuecommand of the component scsi. The manipulation leads to allocation of resources. This vulnerability is known as CVE-2021-46963. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 5.4.118/5.10.36/5.11.20/5.12.3. Affected by this vulnerability is the function clk_unprepare of the file clk-aspeed.c of the component aspeed. The manipulation leads to denial of service. This vulnerability is known as CVE-2020-36787. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.5.7. This affects the function apply_alternatives of the file x86/alternatives:. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2023-52504. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.4.257/5.10.197/5.15.134/6.1.56/6.5.6. It has been classified as critical. This affects the function siw_cm_work_handler of the component RDMA. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2023-52513. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.5.7 and classified as problematic. Affected by this vulnerability is the function of_clk_add_provider of the component ca8210. The manipulation leads to use after free. This vulnerability is known as CVE-2023-52510. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

Microsoft has lifted a compatibility block preventing Windows 11 24H2 upgrades after fixing a bug causing USB connection issues to some scanners. [...]

Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017

Top 10 Web Design Security Best Practices to Follow in 2025

White House cyber office needs a clearer identity, says report aimed at Trump, Congress