LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites
A high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could allow an unauthenticated threat actor to elevate their privileges and perform malicious actions. The vulnerability, tracked as CVE-2024-50550 (CVSS score: 8.1), has been addressed in version 6.5.2 of the…
Delta Electronics InfraSuite Device Master
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of InfraSuite Device Master, a real-time device monitoring software, are affected: 3.2 Vulnerability Overview 3.2.1 DESERIALIZATION…
iniNet Solutions SpiderControl SCADA PC HMI Editor
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain remote control of the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of iniNet Solutions SpiderControl SCADA PC HMI Editor, a software management platform, are affected:…
VIMESA VHF/FM Transmitter Blue Plus
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a Denial-of-Service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of VIMESA VHF/FM Transmitter Blue Plus, a VHF/FM Transmitter, is affected: 3.2 Vulnerability Overview 3.2.1 Improper Access Control…
Cisco Adaptive Security Appliance Software SSH Remote Command Injection Vulnerability
Summary A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by submitting crafted…
Cisco Firepower Threat Defense Software for Firepower 1000, 2100, 3100, and 4200 Series Static Credential Vulnerability
Summary A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials. This vulnerability is due to the presence of static accounts with hard-coded…
Microsoft creates fake Azure tenants to pull phishers into honeypots
Microsoft is using deceptive tactics against phishing actors by spawning realistic-looking honeypot tenants with access to Azure and lure cybercriminals in to collect intelligence about them. With the collected data, Microsoft can map malicious infrastructure, gain a deeper understanding of sophisticated phishing operations, disrupt campaigns at…
PART I – perfctl: A Stealthy Malware Targeting Millions of Linux Servers
In this blog post, Aqua Nautilus researchers aim to shed light on a Linux malware that, over the past 3-4 years, has actively sought more than 20,000 types of misconfigurations in order to target and exploit Linux servers. If you have a Linux server connected…
PART II – perfctl: A Stealthy Malware Targeting Millions of Linux Servers
Read the first part at: https://iotsecuritynews.com/wp-admin/post.php?post=8009&action=edit Detection of “Perfctl” Malware To detect Perfctl malware you look for unusual spikes in CPU usage, or system slowdown if the rootkit has been deployed on your server. These may indicate cryptomining activities, especially during idle times. Monitoring Suspicious…
Mitsubishi Electric MELSEC iQ-F FX5-OPC
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause a Denial-of-Service (DoS) condition on the product by getting a legitimate user to import a specially crafted PKCS#12 format certificate. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The…
Stay connected