<ciso brief />

All news with #session management flaw tag

3 articles

Block the Prompt, Not the Work: Securing Sessions Now

🔒 Enterprise security must stop reflexively blocking tools and start governing browser sessions. The article argues that legacy controls—kernel‑hooking agents, SSL inspection and URL blocks—create a "Workaround Economy" where users move sensitive data to unmanaged apps and extensions. It urges a shift to session‑level governance with prompt‑level DLP, extension risk scoring, and agentless clipboard/upload controls to enable productivity while reducing blind spots.

Vulnerabilities in Mobiliti e-mobi.hu Charging Stations

🔒 This advisory details critical authentication and session-management flaws in Mobiliti's e-mobi.hu charging platform that could permit unauthorized administrative access, session hijacking, and denial-of-service against chargers and backend services. Affected versions include all released e-mobi.hu builds. Operators should restrict network exposure, isolate charging networks behind firewalls, and contact Mobiliti support for vendor guidance.

Siemens SICAM P850/P855: CSRF and Session Token Flaws

🔒 Siemens reported Cross-Site Request Forgery and incorrect permission assignment vulnerabilities affecting SICAM P850 and P855 devices (versions prior to 3.11). Exploitation could allow attackers to perform actions as authenticated users or impersonate sessions. Siemens recommends updating to v3.11+, restricting TCP/443 to trusted IPs, and hardening network access; CISA advises isolating control networks and avoiding internet exposure.