Delta Electronics Model DX-2100-L1-CN

Risk evaluation has revealed two vulnerabilities in the web configuration service of a certain device. The first vulnerability is an authenticated command injection which, if the attacker has the necessary credentials, could allow them to gain full control of the device. The second vulnerability is a stored cross-site scripting vulnerability which could be used to execute remote code. To mitigate the risk of exploitation, Delta Electronics has released a patch and CISA recommends users take defensive measures such as minimizing network exposure and using secure methods such as Virtual Private Networks. CISA also provides a section for control systems security recommended practices and has published a technical information paper with additional mitigation guidance and recommended practices. If suspicious activity is observed, organizations should report it to CISA.

This Cyber News was published on us-cert.cisa.gov. Publication date: Thu, 02 Feb 2023 17:44:03 +0000


Cyber News related to Delta Electronics Model DX-2100-L1-CN

Vulnerability Summary for the Week of November 27, 2023 - PrimaryVendor - Product apple - multiple products Description A memory corruption vulnerability was addressed with improved locking. Published 2023-12-01 CVSS Score not yet calculated Source & Patch Info CVE-2023-48842 PrimaryVendor - Product dell - ...
10 months ago Cisa.gov
Delta Dental of California data breach exposed info of 7 million people - Delta Dental of California and its affiliates are warning almost seven million patients that they suffered a data breach after personal data was exposed in a MOVEit Transfer software breach. Delta Dental of California is a dental insurance provider ...
9 months ago Bleepingcomputer.com
Delta Electronics InfraSuite Device Master - RISK EVALUATION. Successful exploitation of these vulnerabilities could allow an attacker to remotely execute arbitrary code and obtain plaintext credentials. In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows ...
10 months ago Cisa.gov
Best of 2023: Diamond Model of Intrusion Analysis: A Quick Guide - Any intrusion into a network calls for a thorough analysis to give security teams cyber intelligence about different threats and to help thwart similar future attacks. Effective incident analysis has long been held back by uncertainty and high false ...
9 months ago Securityboulevard.com
How to detect poisoned data in machine learning datasets - Almost anyone can poison a machine learning dataset to alter its behavior and output substantially and permanently. With careful, proactive detection efforts, organizations could retain weeks, months or even years of work they would otherwise use to ...
8 months ago Venturebeat.com
Delta Dental says data breach exposed info of 7 million people - Delta Dental of California is warning almost seven million patients that they suffered a data breach after personal data was exposed in a MOVEit Transfer software breach. Delta Dental is a dental insurance provider that covers 85 million people ...
9 months ago Bleepingcomputer.com
How machine learning helps us hunt threats | Securelist - In this post, we will share our experience hunting for new threats by processing Kaspersky Security Network (KSN) global threat data with ML tools to identify subtle new Indicators of Compromise (IoCs). The model can process and learn from millions ...
6 days ago Securelist.com
Establishing Reward Criteria for Reporting Bugs in AI Products - At Google, we maintain a Vulnerability Reward Program to honor cutting-edge external contributions addressing issues in Google-owned and Alphabet-subsidiary Web properties. To keep up with rapid advances in AI technologies and ensure we're prepared ...
9 months ago Darkreading.com
Protect AI Unveils Gateway to Secure AI Models - Protect AI today launched a Guardian gateway that enables organizations to enforce security policies to prevent malicious code from executing within an artificial intelligence model. Guardian is based on ModelScan, an open source tool from Protect AI ...
8 months ago Securityboulevard.com
Flaws in Delta OT Monitoring Product Can Allow Hackers to Hide Destructive Activities - Critical vulnerabilities in a Delta Electronics operational technology monitoring product can allow hackers to hide destructive activities from the targeted organization's employees. The affected product is Delta's InfraSuite Device Master and the ...
9 months ago Securityweek.com
CVE-2019-6332 - A potential security vulnerability has been identified with certain HP InkJet printers. The vulnerability could be exploited to allow cross-site scripting (XSS). Affected products and versions include: HP DeskJet 2600 All-in-One Printer series model ...
4 years ago
Securing AI: Navigating the Complex Landscape of Models, Fine-Tuning, and RAG - It underscores the urgent need for robust security measures and proper monitoring in developing, fine-tuning, and deploying AI models. The emergence of advanced models, like Generative Pre-trained Transformer 4, marks a new era in the AI landscape. ...
9 months ago Feedpress.me
Top LLM vulnerabilities and how to mitigate the associated risk - As large language models become more prevalent, a comprehensive understanding of the LLM threat landscape remains elusive. While the AI threat landscape changes every day, there are a handful of LLM vulnerabilities that we know pose significant risk ...
8 months ago Helpnetsecurity.com
Delta Electronics InfraSuite Device Master - RISK EVALUATION. Successful exploitation of this vulnerability could allow remote code execution. Delta Electronics InfraSuite Device Master contains a deserialization of untrusted data vulnerability because it runs a version of Apache ActiveMQ which ...
4 months ago Cisa.gov
MongoDB issues weekend warning of breach The Register - Critical vulnerabilities: The not-patch-Tuesday list. As is usually the case this time of month, the most pressing vulnerabilities of recent days were revealed/patched in Patch Tuesday releases. CVSS 9.8 - So many CVEs: Siemens SIMATIC S7-1500 CPU ...
9 months ago Go.theregister.com
Delta Electronics Model DX-2100-L1-CN - Risk evaluation has revealed two vulnerabilities in the web configuration service of a certain device. The first vulnerability is an authenticated command injection which, if the attacker has the necessary credentials, could allow them to gain full ...
1 year ago Us-cert.cisa.gov
CVE-2016-4863 - The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series Class 10 model W-03, FlashAir Class 6 model with ...
7 years ago
Addressing Deceptive AI: OpenAI Rival Anthropic Uncovers Difficulties in Correction - There is a possibility that artificial intelligence models can be trained to deceive. According to a new research led by Google-backed AI startup Anthropic, if a model exhibits deceptive behaviour, standard techniques cannot remove the deception and ...
8 months ago Cysecurity.news
Delta Dental of California Discloses Data Breach Impacting 6.9 Million People - Dental insurance giant Delta Dental of California is informing more than 6.9 million individuals that their personal information was compromised as result of the MOVEit hacking incident. In notification letters it started sending out last week to the ...
9 months ago Securityweek.com
CVE-2019-19118 - Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be ...
4 years ago
Adapting Security to Protect AI/ML Systems - As companies race to integrate AI and machine learning into every facet of their operations, they are also introducing new security and risk challenges. While some of the same risks that apply in traditional IT security continue to be relevant in ...
8 months ago Darkreading.com
JFrog, AWS team up for machine learning in the cloud - Software supply chain provider JFrog is integrating with the Amazon SageMaker cloud-based machine learning platform to incorporate machine learning models into the software development lifecycle. The JFrog platform integration with Amazon SageMaker, ...
8 months ago Infoworld.com
The 7 Core Pillars of a Zero-Trust Architecture - The zero-trust framework is gaining traction in the enterprise due to its security benefits. Organizations are increasingly adopting a zero-trust model in their security programs, replacing the traditional perimeter-based security model. The ...
4 months ago Techtarget.com
Feds arrest Russians accused of tech smuggling operation The Register - Three Russian nationals were arrested in New York yesterday on charges of moving electronics components worth millions to sanctioned entities in Russia, pieces of which were later recovered on battlefields in Ukraine. Nikolay Goltsev, a ...
10 months ago Theregister.com
Improving Software Quality with the OWASP BOM Maturity Model - With his years of work on the CycloneDX standard, Springett understands the issues holding back SBOM usage-particularly when it comes to standardization, dependency tracking, and verification. Not to mention, he also chaired OWASP's Software ...
7 months ago Securityboulevard.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)