Simon Poirier’s Post

Microsoft researchers discovered two vulnerabilities in Rockwell Automation’s PanelView Plus that could be remotely exploited by attackers to allow remote code execution (RCE) and denial of service (DoS). PanelView Plus devices are graphic terminals, also known as human machine interface (HMI), used in the industrial sector. Both vulnerabilities are related to custom classes in PanelView Plus. The RCE vulnerability involves two custom classes that could be used to upload and load a malicious DLL into the device. The DoS vulnerability takes advantage of the same custom class to send a crafted buffer that the device is unable to handle properly, thus leading to a DoS. Microsoft reported these findings to Rockwell Automation in May and July 2023, and Rockwell Automation published security patches to address the vulnerabilities in September and October 2023. We’re sharing our research to help developers, vendors, and the industry in general to avoid or detect similar issues in their systems. Read our latest blog to get our analysis of the vulnerabilities, as well as mitigation and protection guidance for defenders: https://msft.it/6046l8Ufn

Are you secure? 1. Read blog post bellow 2. Check your Rockwell PanelView: CVE-2023-2071 (9.8) CVE-2023-29464 (8.2)

#AzureDaily 🚨Attention Azure experts! Microsoft warns of vulnerabilities in PanelView Plus devices, potentially leading to remote code execution. Stay vigilant and ensure your systems are up-to-date. #Azure #CloudComputing #Security #PanelViewPlus #RemoteCodeExecution

Vulnerabilities in PanelView Plus devices could lead to remote code execution Microsoft discovered and responsibly disclosed two vulnerabilities in Rockwell Automation PanelView Plus that could be remotely exploited by unauthenticated attackers, allowing them to perform remote code execution (RCE) and denial-of-service (DoS). The RCE vulnerability in PanelView Plus involves two custom classes that can be abused to upload and load a malicious DLL into the device. The DoS vulnerability takes advantage of the same custom class to send a crafted buffer that the device is unable to handle properly, thus leading to a DoS. PanelView Plus devices are graphic terminals, also known as human machine interface (HMI) and are used in the industrial space. These vulnerabilities can significantly impact organizations using the affected devices, as attackers could exploit these vulnerabilities to remotely execute code and disrupt operations. We shared these findings with Rockwell Automation through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR) in May and July 2023. Rockwell published two advisories and released security patches in September and October 2023. We want to thank the Rockwell Automation product security team for their respo...

Google’s Quick Share Vulnerabilities Let Attackers Execute Remote Code: By reverse-engineering Quick Share’s proprietary communication protocol, researchers uncovered multiple vulnerabilities, including unauthorized file writes, forced Wi-Fi connections, directory traversal, and denial-of-service conditions.  These flaws were chained together to achieve remote code execution on Windows systems with Quick Share installed, bypass file approval dialogs and establish persistent Wi-Fi connections.  Google addressed these issues with two […] The post Google’s Quick Share Vulnerabilities Let Attackers Execute Remote Code appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

CrushFTP is designed to help businesses transfer digital files between a client and a server and monitor server activities across networks. Patch your CrushFTP if you're using it. Its under active exploration. CVE-2024-4040 allows remote attackers with low privileges to read files from the filesystem outside of VFS sandbox. Successful exploration allows a remote, unauthenticated attacker to access and potentially exfiltrate all files stored on the CrushFTP instance. #software #programmer #cloud #phishing #cybersecuritytraining #networking #itsecurity #ransomware #hacked #internet #computer #data #iot #hackingtools #networksecurity https://lnkd.in/gQgTrSST

Zero day HTTP: A new novel zero-day vulnerability that exploits the standard HTTP/2 protocol, which is responsible for how browsers interact with websites. This attack can generate attacks larger than anything the Internet had seen before, by making hundreds of thousands of requests and immediately canceling them. This can overwhelm websites and knock anything that uses HTTP/2 offline. Cloudflare discovered this vulnerability and helped mitigate it for its customers and the Internet ecosystem. JetBrains TeamCity RCE: A recently patched vulnerability in JetBrains’ TeamCity continuous integration and deployment (CI/CD) server was exploited by ransomware gangs to launch attacks. This vulnerability can give unauthenticated attackers remote code execution (RCE) abilities without requiring user input by exploiting an authentication bypass flaw. This can allow attackers to steal source code, service secrets, and private keys, and inject malicious code into the build process. Arm Mali GPU Vulnerabilities: A series of vulnerabilities in Arm’s Mali GPU drivers that were actively exploited by targeted attacks. These vulnerabilities affect several GPU architectures and can allow attackers to corrupt or change sensitive data, execute arbitrary code, or leak information from the GPU memory. Atlassian Confluence OGNL Injection: A zero-day vulnerability in Atlassian’s Confluence Server and Data Center products that allows attackers to execute arbitrary code on vulnerable servers. This vulnerability is caused by an OGNL (Object-Graph Navigation Language) injection flaw that can be exploited by sending a specially crafted request to a Confluence endpoint. Cisco ASA VPN Buffer Overflow: A zero-day vulnerability in Cisco’s Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software that allows attackers to execute arbitrary code on affected devices. This vulnerability is caused by a buffer overflow condition that can be triggered by sending malicious packets to a vulnerable interface of the device. Senselearner Technologies Pvt. Ltd.

🚀 Exciting News from Dateligens!🚀 Dateligens, a trusted name in TrustTech and Data Security, is thrilled to announce our expanded services offer in Cybersecurity, DevOps, and SysAdmin. We're ready to partner with you to secure and optimize your digital environment. 🔒 Our Services Now Include: - Cybersecurity: Penetration testing, DDoS protection, hacking prevention, data loss prevention, and comprehensive website diagnosis and treatment. - DevOps: Server configuration, backup settings, version control strategy, build infrastructure management, CI/CD pipeline maintenance, and more. - SysAdmin: Local network protection, host discovery, vulnerability assessment, firewall configuration, and IDS/IPS setup. Web Services: We offer rigorous penetration testing using both automated scanners and manual techniques to uncover vulnerabilities like SQL injections, XSS, OS command injections, and more. Enjoy 24/7 protection against 99% of external threats. Mobile Services: Benefit from our reverse engineering, dynamic code review, and static code review to ensure your apps are secure. Local Network Services: We provide detailed penetration testing, packet detection and analysis, and comprehensive vulnerability assessments to safeguard your network. DevOps and SysAdmin: Our experts will help you with server configuration, build infrastructure management, and continuous integration and deployment, ensuring your systems run smoothly and securely. 🔧 If your web application is compromised, we offer malware detection and removal services, along with preventative recommendations to secure your future. Ready to elevate your security and operations? Contact us today to learn how Dateligens can protect and enhance your digital assets. 📞 Let's secure your success together! #Cybersecurity #DevOps #SysAdmin #DataSecurity #WebProtection #MobileSecurity #NetworkSecurity #Dateligens #TechInnovation #DigitalSecurity #PenetrationTesting #DDoSProtection #CI_CD #VersionControl #SystemMonitoring #TrustTech #TrustBackbone Contact us now to get started!

Most individuals who are responsible for keeping their organizations cyber safe—developers, system administrators, site reliability engineers, even junior analysts—are not security specialists by training, so what's needed to help them counter the surge in adversarial attacks? 👨💻👩💻🛡️ Manila Bulletin dives into #GoogleCloud’s development of Security AI Workbench, an industry-first platform powered by specialized security large language model Sec-PaLM, and how it pairs novices and experts alike with #generativeAI expertise to go beyond what they could do alone ✨ Learn more 👇 Hibu #arizona #anthemaz #peoriaaz #glendaleaz #newriveraz #surpriseaz #suncityaz #emotionalintelligence #YouOweYou #SetTheStandard #NoTrackingNotARealPlan #ItsYourInformation #google #googlecloud #gcp #genai #blackcanyoncity #carefreeaz #HowDoYouSearch

🔍 Microsoft has identified two critical vulnerabilities in Rockwell Automation PanelView Plus that could allow remote attackers to execute arbitrary code and cause denial-of-service (DoS) attacks. These flaws, with CVSS scores of 9.8 and 8.2, impact various versions of FactoryTalk View and FactoryTalk Linx. Rockwell Automation and CISA have already issued advisories and patches. 🔒 Stay Safe: Ensure your systems are updated to protect against these vulnerabilities! #CyberSecurity #Microsoft #RockwellAutomation #TechNews #Infosec #Vulnerability Read more 👇