Several critical vulnerabilities scored a maximum of 10 on the CVSS scale.
Siemens and Schneider Electric have published a total of 25 bulletins addressing over 40 vulnerabilities affecting their industrial products.
Siemens released 21 new bulletins and updated 25 previously published bulletins. The new bulletins cover 36 vulnerabilities, including five critical issues. One of the critical vulnerabilities, which received a maximum 10 on the CVSS scale, affects the Desigo CC construction management platform and the Cerberus danger management station (DMS). It is a deserialization vulnerability that could allow an unauthorized attacker to execute arbitrary code on the system. The risk of exploitation is higher for systems connected directly to the Internet.
Another critical issue, with a CVSS score of 10, is a command injection vulnerability affecting Siveillance Open Interface Services (OIS). The issue could be exploited by a remote unauthorized attacker to execute code with superuser privileges.
A buffer overflow vulnerability in the web server of APOGEE and TALON automation devices is also critical. A remote attacker could exploit the issue to execute arbitrary code with superuser privileges.
Siemens also resolved a critical issue in the Industrial Edge app that could allow an unauthorized attacker to change the password of any user on the system.
Another critical issue affects the SIPROTEC 5 relay and could allow a remote attacker to trigger a Denial of Service (DoS) condition or execute arbitrary code.
Dangerous issues were also resolved in Ruggedcom ROX (device control interception vulnerability), Simcenter STAR-CCM+ Viewer (code execution or data theft), Siemens NX (access violation and potential code execution), SINEC NMS (file loading and management configuration), SCALANCE switches (DoS), Teamcenter (account hijacking and unauthorized access to data), SIMATIC NET CP modules (DoS), LOGO! CMR and SIMATIC RTU 3000 (DoS), SIPROTEC 5 (DoS), RFID terminals (code execution) and SINEMA Remote Connect Server (DoS).
Schneider Electric released four notifications covering a total of seven vulnerabilities. Two issues affect the StruxureWare Data Center Expert physical infrastructure management product. Both critical vulnerabilities could allow an attacker to remotely execute arbitrary code.
An arbitrary code execution vulnerability has been identified in EcoStruxure Control Expert, EcoStruxure Process Expert, and SCADAPack RemoteConnect. For successful exploitation, an attacker would need to trick the victim into opening a malicious project file.
Three critical issues have been fixed in the Modicon M340 PLC web server component. They can be used to retrieve confidential information or cause a DoS condition.
PlayStation 5 has been hacked. You can install games, but you can’t run them yet
Nearly two years after the PlayStation 5 went on sale, modders have found a way to jailbreak the console, albeit with some restrictions.
IGN notes that the modder, known as SpecterDev, disclosed an apparent jailbreak, described as an experimental IPv6 kernel exploit that relies on a WebKit vulnerability.
The jailbreak will only work on PS5 systems with firmware 4.03 or later. If you’ve updated your PS5 since October last year, you won’t be able to try the exploit. But even with the required firmware, an attempt to install the jailbreak works only in a third of cases.
As for what you can do with a jailbroken PS5 right now, you’ll get access to the system’s debug menu. You can also install games from outside the PlayStation Store, but you cannot run third-party software.
Modder Lance McDonald tested the jailbreak and was able to install the PT demo, the famous teaser of the canceled Silent Hills game. However, he was unable to start playing the game. Although the exploit offers read/write access to the PS5, there is currently no way to execute the downloaded files. In any case, PT is not backwards compatible with PS5.
This jailbreak is unlikely to be widely used anytime soon because of its limitations and the fact that Sony can ban modder accounts. On top of that, there is a risk of locking the console in the process. However, it may give other hackers and modders a foundation to build more robust jailbreak tools.
Hacker Hacked Fast Company’s Apple News Account and Spread Racist Messages
An unknown hacker gained access to the business publication Fast Company’s Apple News account and sent out a series of obscene and racist messages via push notifications. The publication’s subscribers received them.
Fast Company confirmed the hack, and so did Apple. The incident is currently under investigation.
“Fast Company’s Apple News account was hacked Tuesday night. After that, two push notifications with obscene and racist content were sent a minute apart. The messages are disgusting and do not match Fast Company content. We are investigating the incident and have also paused feed updates and closed FastCompany.com until we are confident the situation has been resolved,” the publication noted.
Shortly before the shutdown, the hacker posted an entire article on the Fast Company website describing in detail how he managed to bypass the protection. It turned out that the accounts on the site were protected by the same password, including the site administrator’s account. Having gained access to them, the hacker was able to get to the authentication tokens and log in to Apple News.
Apart from the hooliganism, no financial losses or manipulations were recorded.
Young hacker who leaked GTA 6 material denies his guilt
The 17-year-old hacker, who was previously arrested in the UK on suspicion of hacking Rockstar Games and Uber, has pleaded not guilty. According to police, he appeared in court over the weekend but refused to plead guilty to computer misuse. At the same time, he admitted that he had violated the conditions of his release on bail. He is now being held in a juvenile detention center.
According to investigators, the 17-year-old is part of the Lapsus$ hacker group and is behind the recent leak of videos and other details of the $2 billion GTA 6 game.
Earlier, a hacker using the nickname teapotuberhacker published an archive with video and source code from an early version of GTA 6, which has already gone viral. Take-Two tried to stop the spread of the leak but was only partially successful.
The hacker also claimed that he was the one who attacked Uber’s computer systems, gaining access to correspondence, email addresses, and so on.
At the moment, the investigation is ongoing, so it is not yet clear how this story will end.