Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
 |
2025-04-10 05:20:09 |
ICS Vulnerability Report: Energy, Manufacturing Device Fixes Urged by Cyble (direct link) |
|
Tool
Vulnerability
Threat
Patching
Industrial
Medical
Commercial
|
|
★★★
|
 |
2025-03-24 13:55:11 |
Stopping Deepfakes in Financial Services Will Require New Processes: Cyble (direct link) |
The rise of AI-generated deepfakes ... cyber threat.
Whether deepfake fraud hits consumers, business accounts or financial institutions themselves, organizations in the banking and financial services sector will need new processes and cybersecurity
A new Cyble report, Addressing Deepfake Risks in BFSI, examines a wide range of financial deepfake flaws ... these new threats.
Here are some of the report's findings. It is available as a free download along with other Cyble Research Reports.
Even Finance Employees Are Being Fooled by Deepfakes
These new deepfake threats are becoming so realistic that in some cases they fool even financial professionals.
In one alarming incident, a finance employee at a renowned design and engineering firm was |
Spam
Hack
Tool
Cloud
Commercial
|
|
★★★
|
 |
2025-03-21 10:12:55 |
ICS Vulnerability Report: Solar Energy, Cardiology Fixes Urged by Cyble (direct link) |
The 66 vulnerabilities include 30 high-severity flaws and 15 critical vulnerabilities across eight sectors, ranging from energy and healthcare to transportation, critical manufacturing, chemicals, food and agriculture, wastewater and commercial facilities.
Cyble highlighted two of the CISA advisories as meriting particularly high attention because of vulnerabilities found in solar energy management and cardiology systems.
Critical ICS Vulnerabilities
Cyble noted that vulnerabilities in Sungrow iSolarCloud "are among the important ones because they impact critical energy management systems."
The Android application and firmware A |
Tool
Vulnerability
Patching
Mobile
Industrial
Medical
Commercial
|
|
★★
|
 |
2025-03-13 09:55:19 |
ENISA's NIS360 Report Provides a Strategic View of Cybersecurity Maturity Across Critical Sectors (direct link) |
Key Findings
The Three Most Mature Sectors
ENISA identifies electricity, telecommunications and banking as the most mature |
Tool
Vulnerability
Legislation
Cloud
Commercial
|
|
★★
|
 |
2025-03-10 09:02:21 |
ICS Vulnerability Report: Critical Flaws in CCTV, RTOS and Genome Systems (direct link) |
|
Tool
Vulnerability
Threat
Patching
Industrial
Medical
Commercial
|
|
★★★
|
 |
2025-02-20 10:10:49 |
(Déjà vu) CISA Vulnerability Advisories Reveal Complexity of ICS Products (direct link) |
Overview
Cyble's weekly industrial control system (ICS) vulnerability report to clients examined 122 ICS, operational technology (OT), and Supervisory Control and Data Acquisition (SCADA) vulnerabilities pulled from 22 recent advisories from the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
The 122 vulnerabilities affect products from seven vendors across nine critical sectors, ranging from energy and healthcare to wastewater systems, transportation, manufacturing, food and agriculture, chemicals, and commercial facilities. Nine of the vulnerabilities are rated critical.
One interesting aspect of the advisories is how many of the ICS vulnerabilities come from third-party components that weren't made by the ICS vendor, revealing the complexity and vulnerability of these critical systems.
Four Critical Siemens Vulnerabilities
Siemens had the highest number of vulnerabilities in the CISA advisories, 100 in all, but only four were rated critical, and all of the critical vulnerabilities came from non-Siemens components.
Two of the critical vulnerabilities affect Siemens Opcenter Intelligence, a manufacturing intelligence platform used to improve manufacturing processes, and stem from vulnerabilities in the Java OpenWire protocol marshaller (CVE-2023-46604, a 9.6-severity Deserialization of Untrusted Data vulnerability) and the Tableau Server Administration Agent's internal file transfer service (CVE-2022-22128, a 9.0-rated Path Traversal vulnerability). Opcenter Intelligence versions prior to V2501 are affected.
CISA addressed those vulnerabilities in a February 13 advisory, noting that “Successful exploitation of these vulnerabilities could enable an attacker to execute remote code or allow a malicious site administrator to |
Tool
Vulnerability
Patching
Industrial
Medical
Commercial
|
|
★★★
|
 |
2025-01-23 12:43:04 |
Aircraft Collision Avoidance Systems Hit by High-Severity ICS Vulnerability (direct link) |
Overview
A pair of vulnerabilities in the Traffic Alert and Collision Avoidance System (TCAS) II for avoiding midair collisions were among 20 vulnerabilities reported by Cyble in its weekly Industrial Control System (ICS) Vulnerability Intelligence Report.
The midair collision system flaws have been judged at low risk of being exploited, but one of the vulnerabilities does not presently have a fix. They could potentially be exploited from adjacent networks.
Other ICS vulnerabilities covered in the January 15-21 Cyble report to subscribers include flaws in critical manufacturing, energy and other critical infrastructure systems. The full report is available for subscribers, but Cyble is publishing information on the TCAS vulnerabilities in the public interest.
TCAS II Vulnerabilities
The TCAS II vulnerabilities were reported to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) by European researchers and defense agencies. CISA in turn disclosed the vulnerabilities in a January 21 advisory.
The vulnerabilities are still undergoing analysis by NIST, but Cyble vulnerability researchers said the weaknesses “underscore the urgent need for enhanced input validation and secure configuration controls in transportation systems.”
TCAS airborne devices function independently of ground-based air traffic control (ATC) systems, according to the FAA, and provide collision avoidance protection for a range of aircraft types. TCAS II is a more advanced system for commercial aircraft with more than 30 seats or a maximum takeoff weight of more than 33,000 pounds. TCAS II offers advanced features such as recommended escape maneuvers for avoiding midair collisions.
The first vulnerability, CVE-2024-9310, is an “Untrusted Inputs” vulnerability in TCAS II that presently carries a CVSS 3.1 base score of 6.1.
CISA notes that “By utilizing software-defined radios and a custom low-latency processing pipeline, RF signals with spoofed location data can be transmitted to aircraft targets. This can lead to the appearance of fake aircraft on displays and potentially trigger undesired Resolution Advisories (RAs).”
The second flaw, CVE-2024-11166, is an 8.2-severity External Control of System or Configuration Setting vulnerability. TCAS II systems using transponders compliant with MOPS earlier than RTCA DO-181F could be attacked by threat actors impersonating a ground station to issue a Comm- |
Tool
Vulnerability
Threat
Patching
Industrial
Commercial
|
|
★★★
|