ATENTIONβΌ New - CVE-2017-16255
π Read
via "National Vulnerability Database".
An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request at At 0x9d014e84 the value for the cmd1 key is copied using strcpy to the buffer at $sp+0x280. This buffer is 16 bytes large.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-16254
π Read
via "National Vulnerability Database".
An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request at 0x9d014e4c the value for the flg key is copied using strcpy to the buffer at $sp+0x270. This buffer is 16 bytes large, sending anything longer will cause a buffer overflow.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-16253
π Read
via "National Vulnerability Database".
An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012 for the cc channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request At 0x9d014dd8 the value for the id key is copied using strcpy to the buffer at $sp+0x290. This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.π Read
via "National Vulnerability Database".
π΄ Hacker AI vs. Enterprise AI: A New Threat π΄
π Read
via "Dark Reading: ".
Artificial intelligence and machine learning are being weaponized using the same logic and functionality that legitimate organizations use.π Read
via "Dark Reading: ".
Darkreading
Hacker AI vs. Enterprise AI: A New Threat
Artificial intelligence and machine learning are being weaponized using the same logic and functionality that legitimate organizations use.
π΄ SaaS Ecosystem Complexity Ratcheting Up Risk of Insider Threats π΄
π Read
via "Dark Reading: ".
Even with common security platforms like CASBs, organizations struggle to deal with the volume of apps and accounts that interact with business-critical data.π Read
via "Dark Reading: ".
Dark Reading
SaaS Ecosystem Complexity Ratcheting Up Risk of Insider Threats
Even with common security platforms like CASBs, organizations struggle to deal with the volume of apps and accounts that interact with business-critical data.
β Change your Facebook password now! β
π Read
via "Naked Security".
Facebook has done an audit and shocked even itself by finding plaintext passwords in logfiles back to 2012. Change your password now!π Read
via "Naked Security".
Naked Security
Change your Facebook password now!
Facebook has done an audit and shocked even itself by finding plaintext passwords in logfiles back to 2012. Change your password now!
π΄ Facebook Employees for Years Could See Millions of User Passwords in Plain Text π΄
π Read
via "Dark Reading: ".
π Read
via "Dark Reading: ".
Dark Reading
Facebook Employees for Years Could See Millions of User Passwords in Plain Text
| Facebook Employees for Years Could See Millions of User Passwords in Plain Text
ATENTIONβΌ New - CVE-2018-13798
π Read
via "National Vulnerability Database".
A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V14), SICAM A8000 CP-802X (All versions < V14), SICAM A8000 CP-8050 (All versions < V2.00). Specially crafted network packets sent to port 80/TCP or 443/TCP could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the web server. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/TCP or 443/TCP. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the web server. A system reboot is required to recover the web service of the device. At the time of advisory update, exploit code for this security vulnerability is public.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-6462
π Read
via "National Vulnerability Database".
Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC client browser.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-6461
π Read
via "National Vulnerability Database".
Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via a Java script loaded with the web page.π Read
via "National Vulnerability Database".
β WordPress Plugin Removed After Zero Day Discovered β
π Read
via "Threatpost".
The plugin, Social Warfare, is no longer listed after a cross site scripting flaw was found being exploited in the wild.π Read
via "Threatpost".
Threat Post
WordPress Plugin Patched After Zero Day Discovered
The plugin, Social Warfare, is no longer listed after a cross site scripting flaw was found being exploited in the wild.
π΄ Businesses Manage 9.7PB of Data but Struggle to Protect It π΄
π Read
via "Dark Reading: ".
What's more, their attempts to secure it may be putting information at risk, a new report finds.π Read
via "Dark Reading: ".
Dark Reading
Businesses Manage 9.7PB of Data but Struggle to Protect It
What's more, their attempts to secure it may be putting information at risk, a new report finds.
ATENTIONβΌ New - CVE-2015-6458
π Read
via "National Vulnerability Database".
Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-6457
π Read
via "National Vulnerability Database".
Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability.π Read
via "National Vulnerability Database".
π΄ FIN7 Cybercrime Gang Rises Again π΄
π Read
via "Dark Reading: ".
The group now employs a new administrative interface for managing its campaigns, as well as documents that link to SQL databases for downloading its code.π Read
via "Dark Reading: ".
Dark Reading
FIN7 Cybercrime Gang Rises Again
The group now employs a new administrative interface for managing its campaigns, as well as documents that link to SQL databases for downloading its code.
β Scammer pleads guilty to fleecing Facebook and Google of $121m β
π Read
via "Naked Security".
Large, worldly tech companies would never fall for a wire transfer invoice scam, would they?π Read
via "Naked Security".
Naked Security
Scammer pleads guilty to fleecing Facebook and Google of $121m
Large, worldly tech companies would never fall for a wire transfer invoice scam, would they?
β Spycam sex videos of 1,600 motel guests sold to paying subscribers β
π Read
via "Naked Security".
1,600 guests were filmed with hidden webcams that livestreamed the action. The site also sold videos.π Read
via "Naked Security".
Naked Security
Spycam sex videos of 1,600 motel guests sold to paying subscribers
1,600 guests were filmed with hidden webcams that livestreamed the action. The site also sold videos.
β Sacked IT guy annihilates 23 of his ex-employerβs AWS servers β
π Read
via "Naked Security".
He was fired after four weeks, ripped off the credentials of former colleague "Speedy", and will be mulling it all over for two years in jail.π Read
via "Naked Security".
π Data protection: Top 3 business challenges π
π Read
via "Security on TechRepublic".
More than a quarter of businesses experienced irreparable data loss in the past year, according to a Dell EMC survey.π Read
via "Security on TechRepublic".
TechRepublic
Data protection: Top 3 business challenges
More than a quarter of businesses experienced irreparable data loss in the past year, according to a Dell EMC survey.
β Microsoft Windows 7 patch warns of coming patchocalypse β
π Read
via "Naked Security".
Microsoft has issued a patch to remind Windows 7 users that theyβll soon have no patches.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π Windows 10 DHCP vulnerability allows for remote code execution π
π Read
via "Security on TechRepublic".
The vulnerability in Windows 10 and Windows Server 2019 gives attackers an entry point for further exploitation when combined with other vulnerabilities.π Read
via "Security on TechRepublic".
TechRepublic
Windows 10 DHCP vulnerability allows for remote code execution
The vulnerability in Windows 10 and Windows Server 2019 gives attackers an entry point for further exploitation when combined with other vulnerabilities.