Posted on Leave a comment

New Side-channel Attack Was Discovered Which Affects All AMD CPUs.

Researchers from University of Technology and CISPA Helmholtz Center for Information Security, discovered the new attack method on AMD CPU which affects all the version. These side-channel attacks typically allow a malicious application installed on the targeted system to exploit CPU flaws in order to obtain potentially sensitive information from memory associated with other apps, such as passwords and encryption keys.

The newly presented research demonstrates that, Many of the side-channel attacks revealed in recent years have targeted Intel processors, … Read more

Posted on Leave a comment

Honeywell Experion Controllers Have Been Reported With Multiple Critical Flaws

Honeywell noted in an independent security notification published earlier this month Rei Heingman and Nadav Erez of Industrial Cybersecurity Firm Claroty are credited with discovering and reporting the flaws.

A Control Component  Library (CCL) may be modified by a bad actor and loaded to a controller causing the controller to execute malicious code.

The CCL format is a DLL/ELF file wrapper. Its first four bytes are the executable file’s CRC32 (DLL/ELF). The following 128 bytes represent the library’s name and … Read more

Posted on Leave a comment

Weekly Configured Apache AirFlow Servers Leaks Thousands Of Credentials.

Nicole Fishbein and Ryan Robinson are the researchers reported that how they discovered misconfiguration errors on Apache Airflow servers over the internet ,exposing sensitive information such as accounts run by major tech companies.

Apache Airflow is an open-source workflow management platform for automating business and IT tasks that is used by many companies across the world.

Intezer’s Researchers analysed that “These unsecured instances expose sensitive information of companies across the media, finance, manufacturing, information technology (IT), biotech, e-commerce, health, energy, Read more

Posted on Leave a comment

New Remote Code Execution Vulnerability In Nagios Can Compromise Complete Network.

Security researchers from Claroty(Cyber security firm) had discovered new list of 11 vulnerabilities such as Remote code execution, SSRF, Local privilege escalation and other information disclosure vulnerabilities.

“The SolarWinds and Kaseya attacks were well-documented and devastating intrusions at the heart of IT and network management supply chains. In each case, alleged state actors were able to infiltrate the mechanisms used by the vendors to ship software updates to customers, and infect those updates with malware, including ransomware. In both cases, Read more

Posted on Leave a comment

Multiple Critical And Other Vulnerabilities Reported on VMware Vcenter Software, Fix It ASAP

VMware had released a urgent advisory requesting customers to fix multiple vulnerabilities reported on its VMware VCenter products. Among which ,the file upload vulnerability seems to be the most critical with CVSS score of 9.8 which can allow the remote attacker with access to 443 port can upload maliciously crafted file for compromising the target machine.

“The VMSA outlines a number of issues that are resolved in this patch release. The most urgent addresses CVE-2021-22005, a file upload vulnerability that Read more