home.social

#cyber-security โ€” Public Fediverse posts

Live and recent posts from across the Fediverse tagged #cyber-security, aggregated by home.social.

fetched live
  1. Update on Attacks by Threat Group APT-C-60 in 2026

    APT-C-60 continues targeting organizations in Japan with evolved tactics observed throughout 2026. The threat group employs spear-phishing emails containing Proton Drive links or direct attachments with RAR archives. Victims extract LNK files that execute JavaScript via mshta.exe, leading to multi-stage payload delivery. The attackers abuse legitimate services including GitHub, GitLab, jsDelivr, and Codeberg as infrastructure for hosting malicious components. Git.exe is leveraged to execute scripts that deploy downloaders and loaders, ultimately delivering SpyGlace malware versions 3.1.15 through 3.1.18. The attack chain involves multiple obfuscated JavaScript files and persistence mechanisms similar to previous campaigns. By utilizing developer-oriented services and CDNs commonly allowed in corporate environments, the threat actor attempts to evade detection and blend malicious traffic with legitimate communications.

    Pulse ID: 6a54e01e0597d81e8ad9f7d0
    Pulse Link: otx.alienvault.com/pulse/6a54e
    Pulse Author: AlienVault
    Created: 2026-07-13 12:54:54

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CDN #CyberSecurity #DNS #Email #GitHub #ICS #InfoSec #Japan #Java #JavaScript #LNK #Malware #OTX #OpenThreatExchange #Phishing #RAT #SMS #SpearPhishing #bot #AlienVault

  2. Update on Attacks by Threat Group APT-C-60 in 2026

    APT-C-60 continues targeting organizations in Japan with evolved tactics observed throughout 2026. The threat group employs spear-phishing emails containing Proton Drive links or direct attachments with RAR archives. Victims extract LNK files that execute JavaScript via mshta.exe, leading to multi-stage payload delivery. The attackers abuse legitimate services including GitHub, GitLab, jsDelivr, and Codeberg as infrastructure for hosting malicious components. Git.exe is leveraged to execute scripts that deploy downloaders and loaders, ultimately delivering SpyGlace malware versions 3.1.15 through 3.1.18. The attack chain involves multiple obfuscated JavaScript files and persistence mechanisms similar to previous campaigns. By utilizing developer-oriented services and CDNs commonly allowed in corporate environments, the threat actor attempts to evade detection and blend malicious traffic with legitimate communications.

    Pulse ID: 6a54e01e0597d81e8ad9f7d0
    Pulse Link: otx.alienvault.com/pulse/6a54e
    Pulse Author: AlienVault
    Created: 2026-07-13 12:54:54

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CDN #CyberSecurity #DNS #Email #GitHub #ICS #InfoSec #Japan #Java #JavaScript #LNK #Malware #OTX #OpenThreatExchange #Phishing #RAT #SMS #SpearPhishing #bot #AlienVault

  3. Threat Actors Achieve Persistence After SQL Injection

    Threat actors gaining initial access through SQL injection exploited a web application vulnerability in a technology sector organization. After compromising an MSSQL instance via inadequate input validation, the attackers deployed base64-encoded PowerShell scripts to conduct reconnaissance using tasklist commands and exfiltrated results to an external server. They established persistence by enabling Remote Desktop Services, creating an administratively privileged user account named adminweb2$, and disabling Windows Defender. The attackers installed BadIIS modules for SEO fraud, deployed XMRig cryptocurrency miner with hidden file attributes, and utilized service creation tools. Multiple PowerShell scripts and batch files were downloaded throughout the attack to facilitate various malicious operations and maintain access.

    Pulse ID: 6a551f28c1e094d7650c8ecd
    Pulse Link: otx.alienvault.com/pulse/6a551
    Pulse Author: AlienVault
    Created: 2026-07-13 17:23:51

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #InfoSec #MSSQL #OTX #OpenThreatExchange #PowerShell #RAT #SQL #Vulnerability #Windows #bot #cryptocurrency #AlienVault

  4. Threat Actors Achieve Persistence After SQL Injection

    Threat actors gaining initial access through SQL injection exploited a web application vulnerability in a technology sector organization. After compromising an MSSQL instance via inadequate input validation, the attackers deployed base64-encoded PowerShell scripts to conduct reconnaissance using tasklist commands and exfiltrated results to an external server. They established persistence by enabling Remote Desktop Services, creating an administratively privileged user account named adminweb2$, and disabling Windows Defender. The attackers installed BadIIS modules for SEO fraud, deployed XMRig cryptocurrency miner with hidden file attributes, and utilized service creation tools. Multiple PowerShell scripts and batch files were downloaded throughout the attack to facilitate various malicious operations and maintain access.

    Pulse ID: 6a551f28c1e094d7650c8ecd
    Pulse Link: otx.alienvault.com/pulse/6a551
    Pulse Author: AlienVault
    Created: 2026-07-13 17:23:51

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #InfoSec #MSSQL #OTX #OpenThreatExchange #PowerShell #RAT #SQL #Vulnerability #Windows #bot #cryptocurrency #AlienVault

  5. ๐ŸŸ  CVE-2026-26396 - High (7.5)

    OpenBMB XAgent v1.0.0 and before is vulnerable to path traversal in the file() function in XAgent/XAgentServer/application/routers/workspace.py. The input parameter โ€œfilenameโ€ is user-controllable and is concatenated into the file path to be r...

    ๐Ÿ”— thehackerwire.com/vulnerabilit

    #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  6. ๐ŸŸ  CVE-2026-55773 - High (8.8)

    CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. In versions prior to 2.3.6, 3.4.1 and 4.9.0, under certain circumstances, improper input handling could allow Cedar-expres...

    ๐Ÿ”— thehackerwire.com/vulnerabilit

    #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  7. ๐ŸŸ  CVE-2026-55771 - High (8.8)

    CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. In versions prior to 4.9.0, the EntityIdentifier.equals() has inverted null/self branches which could lead to incorrect eq...

    ๐Ÿ”— thehackerwire.com/vulnerabilit

    #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  8. ๐Ÿšจ EUVD-2026-43524

    ๐Ÿ“Š Score: 8.8/10 (CVSS v3.1)
    ๐Ÿ“ฆ Product: cedar-java
    ๐Ÿข Vendor: cedar-policy
    ๐Ÿ“… Updated: 2026-07-13

    ๐Ÿ“ CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. In versions prior to 4.9.0, the EntityIdentifier.equals() has inverted null/self branches which could lead to incorrect equal...

    ๐Ÿ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  9. ๐Ÿšจ EUVD-2026-43524

    ๐Ÿ“Š Score: 8.8/10 (CVSS v3.1)
    ๐Ÿ“ฆ Product: cedar-java
    ๐Ÿข Vendor: cedar-policy
    ๐Ÿ“… Updated: 2026-07-13

    ๐Ÿ“ CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. In versions prior to 4.9.0, the EntityIdentifier.equals() has inverted null/self branches which could lead to incorrect equal...

    ๐Ÿ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  10. ๐Ÿงช NEW BETA RELEASES ๐Ÿงช

    ๐Ÿ“ฑ iOS 26.6 beta 5 (23G5065a)
    ๐Ÿ“ฑ iPadOS 26.6 beta 5 (23G5065a)
    ๐Ÿ“ฑ iPadOS 27.0 beta 3 v.2 (24A5380l)
    ๐Ÿ’ป macOS 26.6 beta 5 (25G5065a)
    ๐Ÿ’ป macOS 27.0 beta 3 v.2 (26A5378n)
    ๐Ÿ“บ tvOS 26.6 beta 5 (23L5766a)
    ๐Ÿฅฝ visionOS 26.6 beta 5 (23O5765a)
    โŒš watchOS 26.6 beta 5 (23U5062b)

    #apple #cybersecurity #infosec #security #ios

  11. ๐Ÿงช NEW BETA RELEASES ๐Ÿงช

    ๐Ÿ“ฑ iOS 26.6 beta 5 (23G5065a)
    ๐Ÿ“ฑ iPadOS 26.6 beta 5 (23G5065a)
    ๐Ÿ“ฑ iPadOS 27.0 beta 3 v.2 (24A5380l)
    ๐Ÿ’ป macOS 26.6 beta 5 (25G5065a)
    ๐Ÿ’ป macOS 27.0 beta 3 v.2 (26A5378n)
    ๐Ÿ“บ tvOS 26.6 beta 5 (23L5766a)
    ๐Ÿฅฝ visionOS 26.6 beta 5 (23O5765a)
    โŒš watchOS 26.6 beta 5 (23U5062b)

    #apple #cybersecurity #infosec #security #ios

  12. "Improve Router Hygiene to Protect Against Russian State-Sponsored Targeting" by Cybersecurity and Infrastructure Security Agency (#CISA)๐Ÿ‡บ๐Ÿ‡ธ and 18 other gov't security organizations๐Ÿ‡ฆ๐Ÿ‡บ๐Ÿ‡จ๐Ÿ‡ฆ๐Ÿ‡ณ๐Ÿ‡ฟ๐Ÿ‡ฌ๐Ÿ‡ง๐Ÿ‡จ๐Ÿ‡ฟ๐Ÿ‡ฉ๐Ÿ‡ฐ๐Ÿ‡ช๐Ÿ‡ช๐Ÿ‡ซ๐Ÿ‡ฎ๐Ÿ‡ซ๐Ÿ‡ท๐Ÿ‡ฎ๐Ÿ‡น๐Ÿ‡ต๐Ÿ‡ฑ๐Ÿ‡ธ๐Ÿ‡ช - Recommended router configuration steps to mitigate recurring Russian network attacks on western #infrastructure. cisa.gov/news-events/cybersecu #malware #cyberwar #cybersecurity #Internet #networking #tech

  13. "Improve Router Hygiene to Protect Against Russian State-Sponsored Targeting" by Cybersecurity and Infrastructure Security Agency (#CISA)๐Ÿ‡บ๐Ÿ‡ธ and 18 other gov't security organizations๐Ÿ‡ฆ๐Ÿ‡บ๐Ÿ‡จ๐Ÿ‡ฆ๐Ÿ‡ณ๐Ÿ‡ฟ๐Ÿ‡ฌ๐Ÿ‡ง๐Ÿ‡จ๐Ÿ‡ฟ๐Ÿ‡ฉ๐Ÿ‡ฐ๐Ÿ‡ช๐Ÿ‡ช๐Ÿ‡ซ๐Ÿ‡ฎ๐Ÿ‡ซ๐Ÿ‡ท๐Ÿ‡ฎ๐Ÿ‡น๐Ÿ‡ต๐Ÿ‡ฑ๐Ÿ‡ธ๐Ÿ‡ช - Recommended router configuration steps to mitigate recurring Russian network attacks on western #infrastructure. cisa.gov/news-events/cybersecu #malware #cyberwar #cybersecurity #Internet #networking #tech

  14. State of (in)security - Week 28, 2026

    Week 28 of 2026 saw 17 security advisories and 26 incidents (down from 28 the prior week), with roughly 2.7 million individuals impacted. The largest breach is Moody Bible Institute's exposure of 2.3 million records via a PeopleSoft zero-day. Ransomware/malware and unauthorized access were the leading causes (7 incidents each), healthcare was the hardest-hit industry, and several actively exploited flaws were reported in products including Adobe ColdFusion, Gitea, Joomla extensions, and Langflow.

    **Make sure to update your Joomla and plugins. They are under heavy attack!**
    #cybersecurity #infosec #knowledge #weeklyreport
    beyondmachines.net/event_detai

  15. State of (in)security - Week 28, 2026

    Week 28 of 2026 saw 17 security advisories and 26 incidents (down from 28 the prior week), with roughly 2.7 million individuals impacted. The largest breach is Moody Bible Institute's exposure of 2.3 million records via a PeopleSoft zero-day. Ransomware/malware and unauthorized access were the leading causes (7 incidents each), healthcare was the hardest-hit industry, and several actively exploited flaws were reported in products including Adobe ColdFusion, Gitea, Joomla extensions, and Langflow.

    **Make sure to update your Joomla and plugins. They are under heavy attack!**
    #cybersecurity #infosec #knowledge #weeklyreport
    beyondmachines.net/event_detai

  16. ๐ŸŸ  CVE-2026-49970 - High (8.8)

    Laravel-Mediable before 7.0.0 contains a path traversal vulnerability in the File::sanitizePath() function that allows attackers to write uploaded files to arbitrary locations by controlling the directory argument passed to MediaUploader::toDestin...

    ๐Ÿ”— thehackerwire.com/vulnerabilit

    #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  17. ๐ŸŸ  CVE-2026-49972 - High (8.8)

    Laravel-Mediable before 7.0.0 contains a file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading a file with an embedded PHP extension disguised within a double extension such as shell.php.jpg....

    ๐Ÿ”— thehackerwire.com/vulnerabilit

    #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  18. ๐ŸŸ  CVE-2026-55772 - High (8.8)

    CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. In versions prior to 2.3.6, 3.4.1 and 4.9.0, under certain circumstances, improper input handling could allow Record-to-En...

    ๐Ÿ”— thehackerwire.com/vulnerabilit

    #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  19. ๐Ÿšจ EUVD-2026-43515

    ๐Ÿ“Š Score: 5.1/10 (CVSS v3.1)
    ๐Ÿ“ฆ Product: phoenix_live_view, phoenix_live_view
    ๐Ÿข Vendor: phoenixframework
    ๐Ÿ“… Updated: 2026-07-13

    ๐Ÿ“ Cross-site scripting vulnerability in phoenixframework phoenix_live_view allows an attacker to bypass URL scheme validation and execute JavaScript in a victim's browser session.

    The Phoenix.LiveView.Utils.valid_destinat...

    ๐Ÿ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  20. ๐Ÿšจ EUVD-2026-43515

    ๐Ÿ“Š Score: 5.1/10 (CVSS v3.1)
    ๐Ÿ“ฆ Product: phoenix_live_view, phoenix_live_view
    ๐Ÿข Vendor: phoenixframework
    ๐Ÿ“… Updated: 2026-07-13

    ๐Ÿ“ Cross-site scripting vulnerability in phoenixframework phoenix_live_view allows an attacker to bypass URL scheme validation and execute JavaScript in a victim's browser session.

    The Phoenix.LiveView.Utils.valid_destinat...

    ๐Ÿ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  21. ๐Ÿšจ EUVD-2026-43517

    ๐Ÿ“Š Score: 8.7/10 (CVSS v3.1)
    ๐Ÿ“ฆ Product: laravel-mediable
    ๐Ÿข Vendor: plank
    ๐Ÿ“… Updated: 2026-07-13

    ๐Ÿ“ Laravel-Mediable before 7.0.0 contains a path traversal vulnerability in the File::sanitizePath() function that allows attackers to write uploaded files to arbitrary locations by controlling the directory argument passed to MediaUploader::toDestinatio...

    ๐Ÿ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  22. ๐Ÿšจ EUVD-2026-43517

    ๐Ÿ“Š Score: 8.7/10 (CVSS v3.1)
    ๐Ÿ“ฆ Product: laravel-mediable
    ๐Ÿข Vendor: plank
    ๐Ÿ“… Updated: 2026-07-13

    ๐Ÿ“ Laravel-Mediable before 7.0.0 contains a path traversal vulnerability in the File::sanitizePath() function that allows attackers to write uploaded files to arbitrary locations by controlling the directory argument passed to MediaUploader::toDestinatio...

    ๐Ÿ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  23. ๐Ÿšจ EUVD-2026-43516

    ๐Ÿ“Š Score: 5.3/10 (CVSS v3.1)
    ๐Ÿ“ฆ Product: laravel-mediable
    ๐Ÿข Vendor: plank
    ๐Ÿ“… Updated: 2026-07-13

    ๐Ÿ“ Laravel-Mediable before 7.0.0 contains a server-side request forgery vulnerability that allows remote attackers to issue arbitrary HTTP requests from the server by supplying unvalidated caller-controlled URLs to endpoints backed by MediaUploader::from...

    ๐Ÿ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  24. ๐Ÿšจ EUVD-2026-43518

    ๐Ÿ“Š Score: 5.3/10 (CVSS v3.1)
    ๐Ÿ“ฆ Product: laravel-mediable
    ๐Ÿข Vendor: plank
    ๐Ÿ“… Updated: 2026-07-13

    ๐Ÿ“ Laravel-Mediable before 7.0.0 contains a stored cross-site scripting vulnerability that allows authenticated or anonymous users to execute arbitrary JavaScript by uploading unsanitized SVG files containing embedded scripts in onload event handlers, sc...

    ๐Ÿ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  25. ๐Ÿšจ EUVD-2026-43516

    ๐Ÿ“Š Score: 5.3/10 (CVSS v3.1)
    ๐Ÿ“ฆ Product: laravel-mediable
    ๐Ÿข Vendor: plank
    ๐Ÿ“… Updated: 2026-07-13

    ๐Ÿ“ Laravel-Mediable before 7.0.0 contains a server-side request forgery vulnerability that allows remote attackers to issue arbitrary HTTP requests from the server by supplying unvalidated caller-controlled URLs to endpoints backed by MediaUploader::from...

    ๐Ÿ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  26. ๐Ÿšจ EUVD-2026-43518

    ๐Ÿ“Š Score: 5.3/10 (CVSS v3.1)
    ๐Ÿ“ฆ Product: laravel-mediable
    ๐Ÿข Vendor: plank
    ๐Ÿ“… Updated: 2026-07-13

    ๐Ÿ“ Laravel-Mediable before 7.0.0 contains a stored cross-site scripting vulnerability that allows authenticated or anonymous users to execute arbitrary JavaScript by uploading unsanitized SVG files containing embedded scripts in onload event handlers, sc...

    ๐Ÿ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  27. ๐Ÿšจ EUVD-2026-43519

    ๐Ÿ“Š Score: 7.7/10 (CVSS v3.1)
    ๐Ÿ“ฆ Product: laravel-mediable
    ๐Ÿข Vendor: plank
    ๐Ÿ“… Updated: 2026-07-13

    ๐Ÿ“ Laravel-Mediable before 7.0.0 contains a file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading a file with an embedded PHP extension disguised within a double extension such as shell.php.jpg. The...

    ๐Ÿ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  28. ๐Ÿšจ EUVD-2026-43519

    ๐Ÿ“Š Score: 7.7/10 (CVSS v3.1)
    ๐Ÿ“ฆ Product: laravel-mediable
    ๐Ÿข Vendor: plank
    ๐Ÿ“… Updated: 2026-07-13

    ๐Ÿ“ Laravel-Mediable before 7.0.0 contains a file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading a file with an embedded PHP extension disguised within a double extension such as shell.php.jpg. The...

    ๐Ÿ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  29. ๐Ÿšจ EUVD-2026-43520

    ๐Ÿ“Š Score: 9.5/10 (CVSS v3.1)
    ๐Ÿ“ฆ Product: ServiceNow AI Platform, ServiceNow AI Platform, ServiceNow AI Platform (+4 more)
    ๐Ÿข Vendor: Servicenow
    ๐Ÿ“… Updated: 2026-07-13

    ๐Ÿ“ ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain ...

    ๐Ÿ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  30. ๐Ÿšจ EUVD-2026-43520

    ๐Ÿ“Š Score: 9.5/10 (CVSS v3.1)
    ๐Ÿ“ฆ Product: ServiceNow AI Platform, ServiceNow AI Platform, ServiceNow AI Platform (+4 more)
    ๐Ÿข Vendor: Servicenow
    ๐Ÿ“… Updated: 2026-07-13

    ๐Ÿ“ ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain ...

    ๐Ÿ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  31. ๐Ÿšจ EUVD-2026-43521

    ๐Ÿ“Š Score: n/a
    ๐Ÿ“… Updated: 2026-07-13

    ๐Ÿ“ Pages with malicious titles could potentially allow saved PDF content to overwrite PDF files or bundled content within the Firefox for iOS application sandbox. This vulnerability was fixed in Firefox for iOS 152.4.

    ๐Ÿ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  32. ๐Ÿšจ EUVD-2026-43521

    ๐Ÿ“Š Score: n/a
    ๐Ÿ“… Updated: 2026-07-13

    ๐Ÿ“ Pages with malicious titles could potentially allow saved PDF content to overwrite PDF files or bundled content within the Firefox for iOS application sandbox. This vulnerability was fixed in Firefox for iOS 152.4.

    ๐Ÿ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  33. ๐Ÿšจ EUVD-2026-43522

    ๐Ÿ“Š Score: 8.8/10 (CVSS v3.1)
    ๐Ÿ“ฆ Product: cedar-java, cedar-java, cedar-java
    ๐Ÿข Vendor: cedar-policy
    ๐Ÿ“… Updated: 2026-07-13

    ๐Ÿ“ CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. In versions prior to 2.3.6, 3.4.1 and 4.9.0, under certain circumstances, improper input handling cou...

    ๐Ÿ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  34. ๐Ÿšจ EUVD-2026-43522

    ๐Ÿ“Š Score: 8.8/10 (CVSS v3.1)
    ๐Ÿ“ฆ Product: cedar-java, cedar-java, cedar-java
    ๐Ÿข Vendor: cedar-policy
    ๐Ÿ“… Updated: 2026-07-13

    ๐Ÿ“ CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. In versions prior to 2.3.6, 3.4.1 and 4.9.0, under certain circumstances, improper input handling cou...

    ๐Ÿ”— euvd.enisa.europa.eu/vulnerabi

    #cybersecurity #infosec #euvd #cve #vulnerability

  35. ๐Ÿ๐Ÿฏ Oh, the riveting saga of a #TFTP honey potโ€”spoiler alert: it was forbidden! ๐Ÿ”๐Ÿšซ Apparently, attempting to #access this tantalizing "research" is like asking a bouncer to let you into a library rave. Nice try, but you shall not pass! ๐Ÿ˜‚๐Ÿ“š
    bruceediger.com/posts/tftp-hon #HoneyPot #Forbidden #LibraryRave #CyberSecurity #Research #Humor #HackerNews #ngated

  36. Die Ransomware-Gruppe D1R hat Bosch auf ihrer Darknet-Seite gelistet, mit einer Frist von 11 Tagen und der Drohung, gestohlene Konstruktionsdaten zu verรถffentlichen. Der Einbruch erfolgte nicht bei Bosch direkt, sondern รผber den Softwareanbieter Synopsys. Gestohlene Daten umfassen offenbar VHDL-Hardware-Designs und Unterlagen zum CAN-Bus-Protokoll โ€” Technologie, die in Fahrzeugen, Zรผgen und Flugzeugen weltweit im Einsatz ist.

    #ITSicherheit #Cybersecurity #Ransomware #SupplyChain #Bosch