ATENTIONβΌ New - CVE-2014-5431
π Read
via "National Vulnerability Database".
Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password may allow an attacker with physical access to the device to access management functions to make unauthorized configuration changes to biomedical settings such as turn on and off wireless connections and the phase-complete audible alarm that indicates the end of an infusion phase. Baxter has released a new version of the SIGMA Spectrum Infusion System, version 8, which incorporates hardware and software changes.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2014-5401
π Read
via "National Vulnerability Database".
Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versions of MedNet can be upgraded to MedNet 6.1.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2013-2807
π Read
via "National Vulnerability Database".
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the ?Total Record Size? field. By sending a datagram to the service over Port 4444/UDP with the ?Record Data Size? field modified to a specifically oversized value, the service will calculate an undersized value for the ?Total Record Size? that will cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2013-2806
π Read
via "National Vulnerability Database".
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the ?End of Current Record? field. By sending a datagram to the service over Port 4444/UDP with the ?Record Data Size? field modified to a specifically oversized value, the service will calculate an undersized value for the ?Total Record Size.? Then the service will calculate an incorrect value for the ?End of Current Record? field causing access violations that lead to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation security advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599π Read
via "National Vulnerability Database".
π΄ 87% of Cloud Pros Say Visibility Masks Security π΄
π Read
via "Dark Reading: ".
The majority of cloud IT professionals find a direct link between network visibility and business value, new data shows.π Read
via "Dark Reading: ".
Dark Reading
87% of Cloud Pros Say Visibility Masks Security
The majority of cloud IT professionals find a direct link between network visibility and business value, new data shows.
π Top 5 barriers to AI security adoption π
π Read
via "Security on TechRepublic".
AI's immaturity and the lack of time and resources needed to implement the technology are the two top hurdles to adoption, according to a Cylance report.π Read
via "Security on TechRepublic".
TechRepublic
Top 5 barriers to AI security adoption
AI's immaturity and the lack of time and resources needed to implement the technology are the two top hurdles to adoption, according to a Cylance report.
π The Dark Web: Here's what criminals can find out about you π
π Read
via "Security on TechRepublic".
Graham Kates, an investigative reporter, shares the types of data cybercriminals can look up about anyone on the Dark Web.π Read
via "Security on TechRepublic".
TechRepublic
The Dark Web: Here's what criminals can find out about you
Graham Kates, an investigative reporter, shares the types of data cybercriminals can look up about anyone on the Dark Web.
π΄ Data Privacy Manifestos: Competitive Advantage or the Start of Something Bigger? π΄
π Read
via "Dark Reading: ".
Facebook is the latest company to weigh in with a corporate manifesto focused on privacy. Though it's a welcome trend, only time will tell how many follow through.π Read
via "Dark Reading: ".
Darkreading
Data Privacy Manifestos: Competitive Advantage or the Start of Something Bigger?
Facebook is the latest company to weigh in with a corporate manifesto focused on privacy. Though it's a welcome trend, only time will tell how many follow through.
ATENTIONβΌ New - CVE-2013-2805
π Read
via "National Vulnerability Database".
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it receives a datagram with an incorrect value in the ?Record Data Size? field. By sending a datagram to the service over Port 4444/UDP with the ?Record Data Size? field modified to an oversized value, an attacker could cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to this vulnerability can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2010-5305
π Read
via "National Vulnerability Database".
The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controllers. The potential exists for an unauthorized programming and configuration client to gain access to the product and allow changes to the product?s configuration or program. When applicable, upgrade product firmware to a version that includes enhanced security functionality compatible with Rockwell Automation's FactoryTalk Security services.π Read
via "National Vulnerability Database".
π΄ Insurers Collaborate on Cybersecurity Ratings π΄
π Read
via "Dark Reading: ".
A group of insurers will base rates and terms on whether customers purchase technology that has earned a stamp of approval.π Read
via "Dark Reading: ".
Dark Reading
Insurers Collaborate on Cybersecurity Ratings
A group of insurers will base rates and terms on whether customers purchase technology that has earned a stamp of approval.
π΄ Small Businesses Turn to Managed Service Providers for Security π΄
π Read
via "Dark Reading: ".
The average cost of a cyberattack at an SMB is $54,650, a new study shows.π Read
via "Dark Reading: ".
Dark Reading
Small Businesses Turn to Managed Service Providers for Security
The average cost of a cyberattack at an SMB is $54,650, a new study shows.
π΄ ASUS 'ShadowHammer' Attack Underscores Trusted Third-Party Risks π΄
π Read
via "Dark Reading: ".
Taiwanese computer maker says it has fixed issue that allowed attackers to distribute malware via company's automatic software update mechanism.π Read
via "Dark Reading: ".
Darkreading
ASUS 'ShadowHammer' Attack Underscores Trusted Third-Party Risks
Taiwanese computer maker says it has fixed issue that allowed attackers to distribute malware via company's automatic software update mechanism.
π΄ Russia Regularly Spoofs Regional GPS π΄
π Read
via "Dark Reading: ".
The nation is a pioneer in spoofing and blocking satellite navigation signals, causing more than 9,800 incidents in the past three years, according to an analysis of navigational data.π Read
via "Dark Reading: ".
Dark Reading
Russia Regularly Spoofs Regional GPS
The nation is a pioneer in spoofing and blocking satellite navigation signals, causing more than 9,800 incidents in the past three years, according to an analysis of navigational data.
ATENTIONβΌ New - CVE-2016-10744
π Read
via "National Vulnerability Database".
In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data.π Read
via "National Vulnerability Database".
β DragonEx exchange hacked, smoking ashes being raked over β
π Read
via "Naked Security".
βPartβ of its assets have been retrieved, and they've got an address for a suddenly much plumper Bittrex wallet.π Read
via "Naked Security".
Naked Security
DragonEx exchange hacked, smoking ashes being raked over
βPartβ of its assets have been retrieved, and theyβve got an address for a suddenly much plumper Bittrex wallet.
β Preinstalled Android apps are harvesting and sharing your data β
π Read
via "Naked Security".
New research reveals that the bloatware preinstalled on many new Android phones could do far more than simply chew up your storage.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Ransomware Behind Norsk Hydro Attack Takes On Wiper-Like Capabilities β
π Read
via "Threatpost".
Researchers are still looking for answers when it comes to LockerGoga's initial infection method - and what the attackers behind the ransomware really want.π Read
via "Threatpost".
Threat Post
Ransomware Behind Norsk Hydro Attack Takes On Wiper-Like Capabilities
Researchers are still looking for answers when it comes to LockerGoga's initial infection method - and what the attackers behind the ransomware really want.
π 6 things keeping IoT pros up at night π
π Read
via "Security on TechRepublic".
Implementation and security are the top concerns among professionals involved in the Internet of Things, according to a survey from the organizers of IoT World 2019.π Read
via "Security on TechRepublic".
TechRepublic
6 things keeping IoT pros up at night
Implementation and security are the top concerns among professionals involved in the Internet of Things, according to a survey from the organizers of IoT World 2019.
π 3 security threats businesses need to prepare for by 2021 π
π Read
via "Security on TechRepublic".
IoT and digital transformation efforts will leave more businesses vulnerable to cyberattack, according to Information Security Forum.π Read
via "Security on TechRepublic".
TechRepublic
3 security threats businesses need to prepare for by 2021
IoT and digital transformation efforts will leave more businesses vulnerable to cyberattack, according to Information Security Forum.
β Facebookβs Whitehat Settings lets bug-hunters dial back app security β
π Read
via "Naked Security".
The "Whitehat" settings will help researchers to analyze network traffic from its mobile apps by dialling back security settings.π Read
via "Naked Security".
Naked Security
Facebookβs Whitehat Settings lets bug-hunters dial back app security
The βWhitehatβ settings will help researchers to analyze network traffic from its mobile apps by dialling back security settings.