ATENTIONβΌ New - CVE-2014-5434
π Read
via "National Vulnerability Database".
Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes.π Read
via "National Vulnerability Database".
π What criminals can find out about you on the Dark Web π
π Read
via "Security on TechRepublic".
Graham Kates, investigative reporter, shares the types of data cybercriminals can look up about anyone on the Dark Web.π Read
via "Security on TechRepublic".
TechRepublic
What criminals can find out about you on the Dark Web
Graham Kates, investigative reporter, shares the types of data cybercriminals can look up about anyone on the Dark Web.
π΄ 10 Movies All Security Pros Should Watch π΄
π Read
via "Dark Reading: ".
Don't expect to read about any of the classics, like 'War Games' or 'Sneakers', which have appeared on so many lists before. Rather, we've broadened our horizons with this great mix of documentaries, hacker movies, and flicks based on short stories.π Read
via "Dark Reading: ".
Dark Reading
10 Movies All Security Pros Should Watch
Don't expect to read about any of the classics, like 'War Games' or 'Sneakers', which have appeared on so many lists before. Rather, we've broadened our horizons with this great mix of documentaries, hacker movies, and flicks based on short stories.
ATENTIONβΌ New - CVE-2014-5433
π Read
via "National Vulnerability Database".
An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16, which may allow an attacker to gain access the host network. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2014-5432
π Read
via "National Vulnerability Database".
Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to the WBM, as well as issue commands to access account credentials and shared keys. Baxter asserts that this vulnerability only allows access to features and functionality on the WBM and that the SIGMA Spectrum infusion pump cannot be controlled from the WBM. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2014-5431
π Read
via "National Vulnerability Database".
Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password may allow an attacker with physical access to the device to access management functions to make unauthorized configuration changes to biomedical settings such as turn on and off wireless connections and the phase-complete audible alarm that indicates the end of an infusion phase. Baxter has released a new version of the SIGMA Spectrum Infusion System, version 8, which incorporates hardware and software changes.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2014-5401
π Read
via "National Vulnerability Database".
Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versions of MedNet can be upgraded to MedNet 6.1.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2013-2807
π Read
via "National Vulnerability Database".
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the ?Total Record Size? field. By sending a datagram to the service over Port 4444/UDP with the ?Record Data Size? field modified to a specifically oversized value, the service will calculate an undersized value for the ?Total Record Size? that will cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2013-2806
π Read
via "National Vulnerability Database".
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the ?End of Current Record? field. By sending a datagram to the service over Port 4444/UDP with the ?Record Data Size? field modified to a specifically oversized value, the service will calculate an undersized value for the ?Total Record Size.? Then the service will calculate an incorrect value for the ?End of Current Record? field causing access violations that lead to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation security advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599π Read
via "National Vulnerability Database".
π΄ 87% of Cloud Pros Say Visibility Masks Security π΄
π Read
via "Dark Reading: ".
The majority of cloud IT professionals find a direct link between network visibility and business value, new data shows.π Read
via "Dark Reading: ".
Dark Reading
87% of Cloud Pros Say Visibility Masks Security
The majority of cloud IT professionals find a direct link between network visibility and business value, new data shows.
π Top 5 barriers to AI security adoption π
π Read
via "Security on TechRepublic".
AI's immaturity and the lack of time and resources needed to implement the technology are the two top hurdles to adoption, according to a Cylance report.π Read
via "Security on TechRepublic".
TechRepublic
Top 5 barriers to AI security adoption
AI's immaturity and the lack of time and resources needed to implement the technology are the two top hurdles to adoption, according to a Cylance report.
π The Dark Web: Here's what criminals can find out about you π
π Read
via "Security on TechRepublic".
Graham Kates, an investigative reporter, shares the types of data cybercriminals can look up about anyone on the Dark Web.π Read
via "Security on TechRepublic".
TechRepublic
The Dark Web: Here's what criminals can find out about you
Graham Kates, an investigative reporter, shares the types of data cybercriminals can look up about anyone on the Dark Web.
π΄ Data Privacy Manifestos: Competitive Advantage or the Start of Something Bigger? π΄
π Read
via "Dark Reading: ".
Facebook is the latest company to weigh in with a corporate manifesto focused on privacy. Though it's a welcome trend, only time will tell how many follow through.π Read
via "Dark Reading: ".
Darkreading
Data Privacy Manifestos: Competitive Advantage or the Start of Something Bigger?
Facebook is the latest company to weigh in with a corporate manifesto focused on privacy. Though it's a welcome trend, only time will tell how many follow through.
ATENTIONβΌ New - CVE-2013-2805
π Read
via "National Vulnerability Database".
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it receives a datagram with an incorrect value in the ?Record Data Size? field. By sending a datagram to the service over Port 4444/UDP with the ?Record Data Size? field modified to an oversized value, an attacker could cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to this vulnerability can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2010-5305
π Read
via "National Vulnerability Database".
The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controllers. The potential exists for an unauthorized programming and configuration client to gain access to the product and allow changes to the product?s configuration or program. When applicable, upgrade product firmware to a version that includes enhanced security functionality compatible with Rockwell Automation's FactoryTalk Security services.π Read
via "National Vulnerability Database".
π΄ Insurers Collaborate on Cybersecurity Ratings π΄
π Read
via "Dark Reading: ".
A group of insurers will base rates and terms on whether customers purchase technology that has earned a stamp of approval.π Read
via "Dark Reading: ".
Dark Reading
Insurers Collaborate on Cybersecurity Ratings
A group of insurers will base rates and terms on whether customers purchase technology that has earned a stamp of approval.
π΄ Small Businesses Turn to Managed Service Providers for Security π΄
π Read
via "Dark Reading: ".
The average cost of a cyberattack at an SMB is $54,650, a new study shows.π Read
via "Dark Reading: ".
Dark Reading
Small Businesses Turn to Managed Service Providers for Security
The average cost of a cyberattack at an SMB is $54,650, a new study shows.
π΄ ASUS 'ShadowHammer' Attack Underscores Trusted Third-Party Risks π΄
π Read
via "Dark Reading: ".
Taiwanese computer maker says it has fixed issue that allowed attackers to distribute malware via company's automatic software update mechanism.π Read
via "Dark Reading: ".
Darkreading
ASUS 'ShadowHammer' Attack Underscores Trusted Third-Party Risks
Taiwanese computer maker says it has fixed issue that allowed attackers to distribute malware via company's automatic software update mechanism.
π΄ Russia Regularly Spoofs Regional GPS π΄
π Read
via "Dark Reading: ".
The nation is a pioneer in spoofing and blocking satellite navigation signals, causing more than 9,800 incidents in the past three years, according to an analysis of navigational data.π Read
via "Dark Reading: ".
Dark Reading
Russia Regularly Spoofs Regional GPS
The nation is a pioneer in spoofing and blocking satellite navigation signals, causing more than 9,800 incidents in the past three years, according to an analysis of navigational data.
ATENTIONβΌ New - CVE-2016-10744
π Read
via "National Vulnerability Database".
In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data.π Read
via "National Vulnerability Database".
β DragonEx exchange hacked, smoking ashes being raked over β
π Read
via "Naked Security".
βPartβ of its assets have been retrieved, and they've got an address for a suddenly much plumper Bittrex wallet.π Read
via "Naked Security".
Naked Security
DragonEx exchange hacked, smoking ashes being raked over
βPartβ of its assets have been retrieved, and theyβve got an address for a suddenly much plumper Bittrex wallet.