The most severe issue is a stack-based buffer overflow vulnerability (CVE-2024-34026) that allows an attacker to execute remote code. Users are advised to update to the latest version of OpenPLC to protect against these security risks.
The vulnerabilities could be exploited to remotely control Kia vehicles equipped with remote hardware in under 30 seconds, exposing the sensitive personal information of car owners.
Experts are investigating whether the hackers gained access to Cisco Systems routers, a key component of ISP infrastructures, but Cisco has not found any indication of router involvement.
SloppyLemming has been active since at least July 2021 and has targeted the government, law enforcement, energy, education, telecommunications, and technology sectors in countries such as Pakistan, Sri Lanka, Bangladesh, China, Nepal, and Indonesia.
Hackers are now using AI-generated malware in targeted attacks. In a recent email campaign in France, researchers found malicious code crafted with the help of generative AI to distribute the AsyncRAT malware.
A security flaw in OpenAI’s ChatGPT app for macOS, now patched, could have allowed attackers to implant persistent spyware into the AI tool’s memory. This could lead to continuous data exfiltration of user information across chat sessions.
Security researchers at Bitsight discovered critical vulnerabilities in Automated Tank Gauge (ATG) systems, including Maglink LX, Maglink LX4, OPW SiteSentinel, Proteus OEL8000, Alisonic Sibylla, and Franklin TS-550.
HashiCorp has released updated versions (1.17.6, 1.16.10, 1.15.15) to fix the flaw, along with a new configuration option to enhance security. Users are advised to upgrade or adjust their configurations to protect against exploitation.
The CISA has issued a warning about hackers using basic techniques to target industrial systems, particularly OT and ICS devices in critical infrastructure, water, and wastewater systems.
The six vulnerabilities, with high severity scores, could lead to unauthorized access and control over network infrastructure. Progress Software advises all WhatsUp Gold users to upgrade to version 24.0.1 to mitigate these vulnerabilities.