Archive for Cybersecurity - page 103

Mag102024

Vulnerabilità in Veeam Service Provider Console (VSPC) (AL02/240508/CSIRT-ITA)

Veeam ha reso noto, tramite un bollettino di sicurezza, la presenza di una vulnerabilità nel prodotto Service Provider Console (VSPC), software gratuito per il monitoraggio e la gestione in remoto dei carichi di lavoro. Source link Author: csirt@pec.acn.gov.it Article used for cyber security disclosure.

Continue reading →

Mag082024

CISA Releases Two Industrial Control Systems Advisories

CISA released two Industrial Control Systems (ICS) advisories on May 07, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-128-01 PTC Codebeamer ICSA-24-128-02 SUBNET Substation Server CISA encourages users and administrators to review the newly released ICS advisories…

Continue reading →

Mag082024

PoC pubblico per lo sfruttamento della CVE-2023-49606 relativa a Tinyproxy (AL02/240507/CSIRT-ITA)

Disponibile un Proof of Concept (PoC) per la CVE-2023-49606 – già sanata dalla comunità di sviluppatori – presente nel daemon proxy HTTP open-source Tinyproxy. Source link Author: csirt@pec.acn.gov.it Article used for cyber security disclosure.

Continue reading →

Mag062024

CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate Directory Traversal Vulnerabilities

Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Secure by Design Alert, Eliminating Directory Traversal Vulnerabilities in Software. This Alert was crafted in response to recent well-publicized threat actor campaigns that exploited directory traversal vulnerabilities in software (e.g., CVE-2024-1708, CVE-2024-20345) to compromise…

Continue reading →

Mag062024

CSIRT Italia

Rilevata una vulnerabilità con gravità “alta” in AIOHTTP, framework client/server HTTP utilizzato per creare applicazioni web ad alte prestazioni che richiedono la gestione di elevate richieste HTTP. Tale vulnerabilità, qualora sfruttata, potrebbe permettere l’invio di richieste POST opportunamente predisposte (multipart/form-data) che, al momento dell’elaborazione, portano…

Continue reading →

Mag042024

CISA Releases Three Industrial Control Systems Advisories

CISA released three Industrial Control Systems (ICS) advisories on May 02, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-123-01 CyberPower PowerPanel ICSA-24-123-02 Delta Electronics DIAEnergie ICSA-24-067-01 Chirp Systems Chirp Access (Update C) CISA encourages users and administrators…

Continue reading →

Mag042024

Smishing: rilevata nuova campagna a tema “Richiesta di Accesso” (AL03/240503/CSIRT-ITA)

Questo CSIRT ha recentemente rilavato il riacutizzarsi di una campagna di smishing a tema “Richiesta di Accesso” rivolta ai clienti dell’istituto bancario BNL / BNPP. Source link Author: csirt@pec.acn.gov.it Article used for cyber security disclosure.

Continue reading →

Mag022024

CERT/CC Reports R Programming Language Vulnerability

CERT Coordination Center (CERT/CC) has released information on a vulnerability in R programming language implementations (CVE-2024-27322). A cyber threat actor could exploit this vulnerability to take control of an affected system. Users and administrators are encouraged to review the following advisories and apply the necessary…

Continue reading →

Page 103 of 184 ← First ... 101 102 103 104 105 ... Last →