🕴 Multiple Zero-Day Flaws Discovered in Popular Hospital Pneumatic Tube System 🕴
📖 Read
via "Dark Reading".
"PwnedPiper" flaws could allow attackers to disrupt delivery of lab samples or steal hospital employee credentials, new research shows.📖 Read
via "Dark Reading".
Dark Reading
Multiple Zero-Day Flaws Discovered in Popular Hospital Pneumatic Tube System
'PwnedPiper' flaws could allow attackers to disrupt delivery of lab samples, or steal hospital employee credentials, new research shows.
‼ CVE-2021-37164 ‼
📖 Read
via "National Vulnerability Database".
A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. In the tcpTxThread function, the received data is copied to a stack buffer. An off-by-3 condition can occur, resulting in a stack-based buffer overflow.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37160 ‼
📖 Read
via "National Vulnerability Database".
A firmware validation issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. There is no firmware validation (e.g., cryptographic signature validation) during a File Upload for a firmware update.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37216 ‼
📖 Read
via "National Vulnerability Database".
QSAN Storage Manager header page parameters does not filter special characters. Remote attackers can inject JavaScript without logging in and launch reflected XSS attacks to access and modify specific data.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37167 ‼
📖 Read
via "National Vulnerability Database".
An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. A user logged in using the default credentials can gain root access to the device, which provides permissions for all of the functionality of the device.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37162 ‼
📖 Read
via "National Vulnerability Database".
A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. If an attacker sends a malformed UDP message, a buffer underflow occurs, leading to an out-of-bounds copy and possible remote code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37166 ‼
📖 Read
via "National Vulnerability Database".
A buffer overflow issue leading to denial of service was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When HMI3 starts up, it binds a local service to a TCP port on all interfaces of the device, and takes extensive time for the GUI to connect to the TCP socket, allowing the connection to be hijacked by an external attacker.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20332 ‼
📖 Read
via "National Vulnerability Database".
Specific MongoDB Rust Driver versions can include credentials used by the connection pool to authenticate connections in the monitoring event that is emitted when the pool is created. The user's logging infrastructure could then potentially ingest these events and unexpectedly leak the credentials. Note that such monitoring is not enabled by default.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37161 ‼
📖 Read
via "National Vulnerability Database".
A buffer overflow issue was discovered in the HMI3 Control Panel contained within the Swisslog Healthcare Nexus Panel, operated by released versions of software before Nexus Software 7.2.5.7. A buffer overflow allows an attacker to overwrite an internal queue data structure and can lead to remote code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37163 ‼
📖 Read
via "National Vulnerability Database".
An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user accounts with passwords that are hardcoded.📖 Read
via "National Vulnerability Database".
🛠 SQLMAP - Automatic SQL Injection Tool 1.5.8 🛠
📖 Read
via "Packet Storm Security".
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.📖 Read
via "Packet Storm Security".
Packetstormsecurity
SQLMAP - Automatic SQL Injection Tool 1.5.8 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🦿 Behind the scenes: A day in the life of a cybersecurity expert 🦿
📖 Read
via "Tech Republic".
Leading a team is kind of like when a burglar alarm goes off and "you're the police," says the head of cybersecurity at ExpressVPN.📖 Read
via "Tech Republic".
TechRepublic
Behind the scenes: A day in the life of a cybersecurity expert
Leading a team is kind of like when a burglar alarm goes off and "you're the police," says the head of cybersecurity at ExpressVPN.
🦿 Set up an SSH tarpit in Ubuntu Server 20.04: Here's how 🦿
📖 Read
via "Tech Republic".
You can add an SSH tarpit to Ubuntu Server with the help of endlessh. Jack Wallen shows you how.📖 Read
via "Tech Republic".
TechRepublic
Set up an SSH tarpit in Ubuntu Server 20.04: Here's how
You can add an SSH tarpit to Ubuntu Server with the help of endlessh. Jack Wallen shows you how.
‼ CVE-2021-29741 ‼
📖 Read
via "National Vulnerability Database".
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in Korn Shell (ksh) to gain root privileges. IBM X-Force ID: 201478.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37840 ‼
📖 Read
via "National Vulnerability Database".
aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) involving OS commands within WebSocket messages at a ws:// URL for /webssh (the victim must have configured Terminal with at least one host). Successful exploitation depends on the browser used by a potential victim (e.g., exploitation can occur with Firefox but not Chrome).📖 Read
via "National Vulnerability Database".
🕴 New Normal Demands New Security Leadership Structure 🕴
📖 Read
via "Dark Reading".
At the inaugural Omdia Analyst Summit, experts discuss where the past year has created gaps in traditional security strategy and how organizations can fill them.📖 Read
via "Dark Reading".
Dark Reading
New Normal Demands New Security Leadership Structure
At the inaugural Omdia Analyst Summit, experts discuss where the past year has created gaps in traditional security strategy and how organizations can fill them.
❌ Chipotle Emails Serve Up Phishing Lures ❌
📖 Read
via "Threat Post".
Mass email distribution service compromise mirrors earlier Nobelium attacks.📖 Read
via "Threat Post".
Threat Post
Chipotle Emails Serve Up Phishing Lures
Mass email distribution service compromise mirrors earlier Nobelium attacks.
🔏 Vigilance Needed: Financial Services Firms Fight Imposter Scams 🔏
📖 Read
via "".
To tamp down on fraud and fight back against a new investment scam, the FBI and SEC is providing new guidance for investors to combat imposters.📖 Read
via "".
Digital Guardian
Vigilance Needed: Financial Services Firms Fight Imposter Scams
To tamp down on fraud and fight back against a new investment scam, the FBI and SEC is providing new guidance for investors to combat imposters.
❌ ❌
📖 Read
via "Threat Post".
Vulnerability Name Affected Component CVE# Date Underflow in udpRXThread HMI3 Control Panel in: Nexus Panel CVE-2021-37161 02/08/2021 Overflow in sccProcessMsg HMI3 Control Panel in: Nexus Panel CVE-2021-37162 02/08/2021 Overflow in hmiProcessMsg HMI3 Control Panel in: Nexus Panel CVE-2021-37165 02/08/2021 Off-by-three stack overflow in tcpTxThread HMI3 Control Panel in: Nexus Panel CVE-2021-37164 02/08/2021 GUI socket Denial […]📖 Read
via "Threat Post".
‼ CVE-2021-32810 ‼
📖 Read
via "National Vulnerability Database".
crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33196 ‼
📖 Read
via "National Vulnerability Database".
Go before 1.15.12 and 1.16.x before 1.16.5 attempts to allocate excessive memory (issue 1 of 2).📖 Read
via "National Vulnerability Database".