Critical OAS Bugs Open Industrial Systems to Takeover
The most serious flaw gives attackers a way to remotely execute code on systems that many organizations use to move data in critical ICS environments, security vendor says.
Stay updated on the latest in information security flaws. Explore news, insights, and analysis on vulnerabilities affecting digital safety.
Search across headline titles and summaries.
Background for this topic.
A flaw is a defect in software, hardware, system design, or configuration that causes unintended behavior. In security reporting, the term usually means a weakness that could violate confidentiality, integrity, or availability when reached through a particular interface, input, privilege, or operating condition. Not every flaw is exploitable, and exploitability depends on factors such as exposure, authentication requirements, affected versions, and available mitigations.
Flaws matter because they can create attack paths in applications, operating systems, devices, APIs, or administrative settings. Security teams assess their severity and exposure, prioritize remediation, apply patches or configuration changes, and use isolation or access controls when immediate fixes are unavailable. Code review, testing, vulnerability scanning, and monitoring can reveal flaws across the development and operational lifecycle. Reports should distinguish a confirmed vulnerability from a theoretical defect and provide enough technical detail to support validation without unnecessarily enabling exploitation.
The most serious flaw gives attackers a way to remotely execute code on systems that many organizations use to move data in critical ICS environments, security vendor says.
Cisco Talos discovered eight vulnerabilities in the Open Automation Software, two of them critical, that pose risk for critical infrastructure networks.
Zyxel has released patches to address four security flaws affecting its firewall, AP Controller, and AP products to execute arbitrary operating system commands and steal select information
Threat analysts have disclosed vulnerabilities affecting the Open Automation Software (OAS) platform, leading to device access, denial of service, and remote code execution. [...]
Zyxel has published a security advisory to warn admins about multiple vulnerabilities affecting a wide range of firewall, AP, and AP controller products. [...]
Quanta Cloud Technology (QCT) servers have been identified as vulnerable to the severe "Pantsdown" Baseboard Management Controller (BMC) flaw, according to new research published today
Occasional gaping hole and overprivileged users still blight the Beast of Redmond Despite a record number of publicly disclosed security flaws in 2021, Microsoft managed to improve its stats, according to research from BeyondTrust.…
The newly added vulnerabilities span six years, with the oldest disclosed in 2016
The Versus Market, one of the most popular English-speaking criminal darknet markets, is shutting down after discovering a severe exploit that could have allowed access to its database and exposed the IP address of its servers. [...]
Popular video conferencing service Zoom has resolved as many as four security vulnerabilities, which could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages and execute malicious code
Google Project Zero blows lid off bug involving that old chestnut: XML parsing Zoom has fixed a security flaw in its video-conferencing software that a miscreant could exploit with chat messages to potentially execute malicious code on a victim's device.…
The Cybersecurity & Infrastructure Security Agency (CISA) has added 41 vulnerabilities to its catalog of known exploited flaws over the past two days, including flaws for the Android kernel and Cisco IOS XR. [...]
The popular Screencastify Chrome extension has fixed a vulnerability that allowed malicious sites to hijack users' webcams and steal recorded videos. However, security flaws still exist that could be exploited by unscrupulous insiders. [...]
Trend Micro says it patched a DLL hijacking flaw in Trend Micro Security used by a Chinese threat group to side-load malicious DLLs and deploy malware. [...]
Crafty file names, encrypted malicious code, Office flaws – ah, it's like the Before Times HP's cybersecurity folks have uncovered an email campaign that ticks all the boxes: messages with a PDF attached that embeds a Word document that upon opening infects the victim's Windows PC with malware by exploiting a four-year-old code-execution vulnerability in Microsoft Office.…
School-friendly tool still not fully protected, privacy guru warns Screencastify, a popular Chrome extension for capturing and sharing videos from websites, was recently found to be vulnerable to a cross-site scripting (XSS) flaw that allowed arbitrary websites to dupe people into unknowingly activating their webcams.…
Security researchers have revealed that hackers can hijack your online accounts before you even register them by exploiting flaws that have been already been fixed on popular websites, including Instagram, LinkedIn, Zoom, WordPress, and Dropbox. [...]