ATENTIONβΌ New - CVE-2018-1000631
π Read
via "National Vulnerability Database".
Battelle V2I Hub 3.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the tmx/TmxCtl/src/lib/PluginStatus.cpp and TmxControl::user_info() function, which could allow the attacker to view, add, modify or delete information in the back-end database.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-1000630
π Read
via "National Vulnerability Database".
Battelle V2I Hub 2.5.1 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to /api/PluginStatusActions.php and /status/pluginStatus.php using the jtSorting or id parameter, which could allow the attacker to view, add, modify or delete information in the back-end database.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-1000629
π Read
via "National Vulnerability Database".
Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by api/SystemConfigActions.php?action=add and the index.php script. A remote attacker could exploit this vulnerability using the parameterName or _login_username parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-1000628
π Read
via "National Vulnerability Database".
Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the direct checking of the API key against a user-supplied value in PHP's GET global variable array using PHP's strcmp() function. By adding "[]" to the end of "key" in the URL when accessing API functions, an attacker could exploit this vulnerability to execute API functions.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-1000627
π Read
via "National Vulnerability Database".
Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-1000626
π Read
via "National Vulnerability Database".
Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the lack of requirement to change the default API key. An attacker could exploit this vulnerability using all available API functions containing an unchanged API key to gain unauthorized access to the system.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-1000625
π Read
via "National Vulnerability Database".
Battelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative account. An attacker could exploit this vulnerability to log in as an admin on any installation and gain unauthorized access to the system.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-1000624
π Read
via "National Vulnerability Database".
Battelle V2I Hub 2.5.1 is vulnerable to a denial of service, caused by the failure to restrict access to a sensitive functionality. By visiting http://V2I_HUB/UI/powerdown.php, a remote attacker could exploit this vulnerability to shut down the system.π Read
via "National Vulnerability Database".
π΄ US Petroleum Employee Charged with Stealing Trade Secrets for Chinese Firm π΄
π Read
via "Dark Reading: ".
Longtime US resident allegedly stole information for petroleum firm in China that had offered him a position.π Read
via "Dark Reading: ".
Dark Reading
US Petroleum Employee Charged with Stealing Trade Secrets for Chinese Firm
Longtime US resident allegedly stole information for petroleum firm in China that had offered him a position.
β First-Ever UEFI Rootkit Tied to Sednit APT β
π Read
via "Threatpost | The first stop for security news".
Researcher at ESET outlines research on the first successful UEFI rootkit used in the wild.π Read
via "Threatpost | The first stop for security news".
Threat Post
First-Ever UEFI Rootkit Tied to Sednit APT
Researcher at ESET outlines research on the first successful UEFI rootkit used in the wild.
β How to secure your Twitter account β
π Read
via "Naked Security".
There's no need to make it easier for someone who wants to hijack your Twitter account. Here's how to lock it down in just a few minutes.π Read
via "Naked Security".
Naked Security
How to secure your Twitter account
Thereβs no need to make it easier for someone who wants to hijack your Twitter account. Hereβs how to lock it down in just a few minutes.
β βSnowden Refugeeβ Has No Regrets for Helping Whistleblower β
π Read
via "Threatpost | The first stop for security news".
Woman who helped hide Edward Snowden faces uncertain future and says she has no regrets.π Read
via "Threatpost | The first stop for security news".
Threat Post
βSnowden Refugeeβ Has No Regrets for Helping Whistleblower
Woman who helped hide Edward Snowden faces uncertain future and says she has no regrets.
β How Facebooks Tracks Non-Users via Android Apps β
π Read
via "Threatpost | The first stop for security news".
Facebook tracks Android users via apps, even if they arenβt Facebook users.π Read
via "Threatpost | The first stop for security news".
Threat Post
How Facebook Tracks Non-Users via Android Apps
Facebook tracks Android users via apps, even if they arenβt Facebook users.
β How to secure your Instagram account using 2FA β
π Read
via "Naked Security".
It's a good idea to set up multi-factor authentication (2FA) on all your social accounts, so here we explain how to do that for Instagram.π Read
via "Naked Security".
Naked Security
How to secure your Instagram account using 2FA
Itβs a good idea to set up multi-factor authentication (2FA) on all your social accounts, so here we explain how to do that for Instagram.
β Cryptocurrency Wallet Hacks Spark Dustup β
π Read
via "Threatpost | The first stop for security news".
Cryptocurrency wallets Trezor and Ledger are vulnerable to a number of different type attacks, researchers say.π Read
via "Threatpost | The first stop for security news".
Threat Post
Cryptocurrency Wallet Hacks Spark Dustup
Cryptocurrency wallets Trezor and Ledger are vulnerable to a number of different type attacks, researchers say.
β Malware Attack Crippled Production of Major U.S. Newspapers β
π Read
via "Threatpost | The first stop for security news".
Reports have linked the attack to the Ryuk ransomware.π Read
via "Threatpost | The first stop for security news".
Threat Post
Malware Attack Crippled Production of Major U.S. Newspapers
Reports have linked the attack to the Ryuk ransomware.
π How to recover from cybersecurity incidents: A 5-step plan π
π Read
via "Security on TechRepublic".
Cybersecurity prevention is essential, but it is failing miserably. Focus on how to recover from cybersecurity events by following these tips.π Read
via "Security on TechRepublic".
TechRepublic
How to recover from cybersecurity incidents: A 5-step plan
Cybersecurity prevention is essential, but it is failing miserably. Focus on how to recover from cybersecurity events by following these tips.
π How to use a password manager on your iPhone or iPad π
π Read
via "Security on TechRepublic".
You can use a password manager on your iOS device to easily sign into secure websites and mobile apps. Learn how to do so in iOS 12.π Read
via "Security on TechRepublic".
TechRepublic
How to use a password manager on your iPhone or iPad
You can use a password manager on your iOS device to easily sign into secure websites and mobile apps. Learn how to do so in iOS 12.
π The solution to dysfunctional cybersecurity and network teams π
π Read
via "Security on TechRepublic".
Learn why it's critical to resolve trust issues and promote collaboration between your cybersecurity and network teams.π Read
via "Security on TechRepublic".
TechRepublic
The solution to dysfunctional cybersecurity and network teams
Learn why it's critical to resolve trust issues and promote collaboration between your cybersecurity and network teams.
π How SMBs can minimize damage from ransomware attacks π
π Read
via "Security on TechRepublic".
The costs incurred from a ransomware attack can devastate SMBs, but there are ways to minimize the impact.π Read
via "Security on TechRepublic".
TechRepublic
How SMBs can minimize damage from ransomware attacks
The costs incurred from a ransomware attack can devastate SMBs, but there are ways to minimize the impact.
β Threatlist: Dark Web Markets See an Evolution in Q3 β
π Read
via "Threatpost | The first stop for security news".
Vulnerabilities, stolen credentials and an evolution of marketplaces mark the Dark Web in Q3.π Read
via "Threatpost | The first stop for security news".
Threat Post
Threatlist: Dark Web Markets See an Evolution in Q3
Vulnerabilities, stolen credentials and an evolution of marketplaces mark the Dark Web in Q3.