ATENTIONβΌ New - CVE-2017-7510
π Read
via "National Vulnerability Database".
In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-3956
π Read
via "National Vulnerability Database".
Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-1014
π Read
via "National Vulnerability Database".
A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA.. If the application attempts to open that file, the application could crash or allow the attacker to execute arbitrary code. Schneider Electric recommends vulnerable users upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer) for their associated version.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-1012
π Read
via "National Vulnerability Database".
Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless capacity in a clinical setting. Hospira has developed a new version of the PCS Infusion System, version 7.0 that addresses the identified vulnerabilities. Version 7.0 has Port 20/FTP and Port 23/TELNET closed by default to prevent unauthorized access.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-1007
π Read
via "National Vulnerability Database".
A specially crafted configuration file could be used to cause a stack-based buffer overflow condition in the OPCTest.exe, which may allow remote code execution on Opto 22 PAC Project Professional versions prior to R9.4008, PAC Project Basic versions prior to R9.4008, PAC Display Basic versions prior to R9.4g, PAC Display Professional versions prior to R9.4g, OptoOPCServer version R9.4c and prior that were installed by PAC Project installer, versions prior to R9.4008, and OptoDataLink version R9.4d and prior that were installed by PAC Project installer, versions prior to R9.4008. Opto 22 suggests upgrading to the new product version as soon as possible.π Read
via "National Vulnerability Database".
π΄ Attackers Compromise ASUS Software Update Servers to Distribute Malware π΄
π Read
via "Dark Reading: ".
ShadowHammer campaign latest to highlight dangers of supply chain attacks.π Read
via "Dark Reading: ".
Darkreading
Attackers Compromise ASUS Software Update Servers to Distribute Malware
ShadowHammer campaign latest to highlight dangers of supply chain attacks.
β ThreatList: Remote Workers Threaten 1 in 3 Organizations β
π Read
via "Threatpost".
More than one-third of surveyed organizations (36 percent) said have experienced a security incident because of a remote worker's actions.π Read
via "Threatpost".
Threat Post
ThreatList: Remote Workers Threaten 1 in 3 Organizations
More than one-third of surveyed organizations (36 percent) said they have experienced a security incident because of a remote worker's actions.
ATENTIONβΌ New - CVE-2017-7340
π Read
via "National Vulnerability Database".
A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView functionality.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2014-9189
π Read
via "National Vulnerability Database".
Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memory corruption, or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2014-9187
π Read
via "National Vulnerability Database".
Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.π Read
via "National Vulnerability Database".
π One reason why you shouldn't allow your web browser to save your passwords π
π Read
via "Security on TechRepublic".
Jack Wallen explains why you should never allow your web browser to save passwords--and what you should do instead.π Read
via "Security on TechRepublic".
ATENTIONβΌ New - CVE-2017-7342
π Read
via "National Vulnerability Database".
A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close buttonπ Read
via "National Vulnerability Database".
π΄ Pwn2Own: Tesla Hack, Broken VMs, and Skewed Economics π΄
π Read
via "Dark Reading: ".
In the latest Pwn2Own vulnerability throwdown at the CanSecWest conference, two researchers walk away with the lion's share of rewards-just like the real marketplace.π Read
via "Dark Reading: ".
Dark Reading
Pwn2Own: Tesla Hack, Broken VMs, and Skewed Economics
In the latest Pwn2Own vulnerability throwdown at the CanSecWest conference, two researchers walk away with the lion's share of rewardsβjust like the real market
β Family tracking app spilled pics, names and real-time location data β
π Read
via "Naked Security".
A journalist/researcher team got a sensitive database taken down after the vendor responsible failed to acknowledge a problem.π Read
via "Naked Security".
Naked Security
Family tracking app spilled pics, names and real-time location data
A journalist/researcher team got a sensitive database taken down after the vendor responsible failed to acknowledge a problem.
β Tech giants back bill that privacy advocates claim is toothless β
π Read
via "Naked Security".
The main disagreement: if consumers will be able to delete their data or whether the law would give companies ways to wiggle out.π Read
via "Naked Security".
Naked Security
Tech giants back bill that privacy advocates claim is toothless
The main disagreement: if consumers will be able to delete their data or whether the law would give companies ways to wiggle out.
β FEMA exposes sensitive data of 2.5 million disaster survivors β
π Read
via "Naked Security".
The agency said it exposed 2.3m people's details in a βmajor privacy incidentβ involving a contractor that set up temporary housing.π Read
via "Naked Security".
Naked Security
FEMA exposes sensitive data of 2.3 million disaster survivors
The agency said it exposed 2.3m peopleβs details in a βmajor privacy incidentβ involving a contractor that set up temporary housing.
π Why data security is now a top concern for IT leaders π
π Read
via "Security on TechRepublic".
The ability to use artificial intelligence effectively is also a large concern for IT decision makers.π Read
via "Security on TechRepublic".
TechRepublic
Why data security is now a top concern for IT leaders
The ability to use artificial intelligence effectively is also a large concern for IT decision makers.
π΄ Ex-NSA Director Rogers: Insider Threat Prevention a 'Contract' π΄
π Read
via "Dark Reading: ".
Ret. Admiral Michael Rogers - who served as head of the NSA and the US Cyber Command from 2014 to 2018 - on how to handle the risk of insiders exposing an organization's sensitive data.π Read
via "Dark Reading: ".
Dark Reading
Ex-NSA Director Rogers: Insider Threat Prevention a 'Contract'
Ret. Admiral Michael Rogers - who served as head of the NSA and the US Cyber Command from 2014 to 2018 - on how to handle the risk of insiders exposing an organization's sensitive data.
π 5 IT security roles businesses are most desperate to fill π
π Read
via "Security on TechRepublic".
Organizations are facing more difficulty filling security roles now than in previous years, according to a CyberEdge report.π Read
via "Security on TechRepublic".
TechRepublic
5 IT security roles businesses are most desperate to fill
Organizations are facing more difficulty filling security roles now than in previous years, according to a CyberEdge report.
β Apple iOS 12.2 Patches 51 Serious Flaws β
π Read
via "Threatpost".
Apple patched more than 50 flaws in iOS 12.2, including an array of bugs in Webkit and a vulnerability that allows apps to secretly listen to users.π Read
via "Threatpost".
Threat Post
Apple iOS 12.2 Patches 51 Serious Flaws
Apple patched more than 50 flaws in iOS 12.2, including an array of bugs in Webkit and a vulnerability that allows apps to secretly listen to users.
π Top Tips for Improving Board Communication Around Security π
π Read
via "Subscriber Blog RSS Feed ".
A panel of security professionals discuss the the top three tips for how CISOs and risk officers can help improve board communication around securityπ Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Top Tips for Improving Board Communication Around Security
A panel of security professionals discuss the the top three tips for how CISOs and risk officers can help improve board communication around security