ATENTIONβΌ New - CVE-2017-18373
π Read
via "National Vulnerability Database".
The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username user3 and and a long password consisting of a repetition of the string 0123456789. These accounts can be used to login to the web interface, exploit authenticated command injections, and change router settings for malicious purposes.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-18372
π Read
via "National Vulnerability Database".
The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has a command injection vulnerability in the Time Setting function, which is only accessible by an authenticated user. The vulnerability is in the tools_time.asp page and can be exploited through the uiViewSNTPServer parameter. Authentication can be achieved by exploiting CVE-2017-18373.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-18371
π Read
via "National Vulnerability Database".
The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username supervisor and password zyad1234. These accounts can be used to login to the web interface, exploit authenticated command injections, and change router settings for malicious purposes.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-18370
π Read
via "National Vulnerability Database".
The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is only accessible by an authenticated user. The vulnerability is in the logSet.asp page and can be exploited through the ServerIP parameter. Authentication can be achieved by exploiting CVE-2017-18371.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-18369
π Read
via "National Vulnerability Database".
The Billion 5200W-T 1.02b.rc5.dt49 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the adv_remotelog.asp page and can be exploited through the syslogServerAddr parameter.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-18368
π Read
via "National Vulnerability Database".
The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the ViewLog.asp page and can be exploited through the remote_host parameter.π Read
via "National Vulnerability Database".
π΄ Security Depends on Careful Design π΄
π Read
via "Dark Reading: ".
Deploying focused edge protection on-site extends security beyond the network level to shield millions of previously exposed devices, apps, and control systems.π Read
via "Dark Reading: ".
Darkreading
Security Depends on Careful Design
Deploying focused edge protection on-site extends security beyond the network level to shield millions of previously exposed devices, apps, and control systems.
β D-Link Cloud Camera Flaw Gives Hackers Access to Video Stream β
π Read
via "Threatpost".
Researchers warn customers to reconsider the use of the cameraβs remote access feature if the device is monitoring highly sensitive areas of their household or company.π Read
via "Threatpost".
Threat Post
D-Link Cloud Camera Flaw Gives Hackers Access to Video Stream
Researchers warn customers to reconsider the use of the cameraβs remote access feature if the device is monitoring highly sensitive areas of their household or company.
π΄ Security Doesn't Trust IT - and IT Doesn't Trust Security π΄
π Read
via "Dark Reading: ".
How a rocky relationship between IT operations and cybersecurity teams can compound security risks.π Read
via "Dark Reading: ".
Darkreading
Security Doesn't Trust IT β and IT Doesn't Trust Security
How a rocky relationship between IT operations and cybersecurity teams can compound security risks.
π΄ Misconfigured Ladders Database Exposed 13M User Records π΄
π Read
via "Dark Reading: ".
Job-hunting site Ladders leaves job seeker data exposed on the Internet.π Read
via "Dark Reading: ".
Darkreading
Misconfigured Ladders Database Exposed 13M User Records
Job-hunting site Ladders leaves job seeker data exposed on the Internet.
π How to use the Enpass Password Audit tools π
π Read
via "Security on TechRepublic".
If Enpass is your password manager of choice, there are three handy audit tools you should be using. Jack Wallen explains.π Read
via "Security on TechRepublic".
π How to use the Enpass password audit tools π
π Read
via "Security on TechRepublic".
Use Enpass audit tools to identify weak, identical, and old passwords.π Read
via "Security on TechRepublic".
TechRepublic
How to use the Enpass password audit tools
Use Enpass audit tools to identify weak, identical, and old passwords.
β Critical Flaws Found in Eight Wireless Presentation Systems β
π Read
via "Threatpost".
Crestron, Barco wePresent, Extron ShareLink and more wireless presentation systems have an array of critical flaws.π Read
via "Threatpost".
Threat Post
Critical Flaws Found in Eight Wireless Presentation Systems
Crestron, Barco wePresent, Extron ShareLink and more wireless presentation systems have an array of critical flaws.
π΄ New Exploits For Old Configuration Issues Heighten Risk for SAP Customers π΄
π Read
via "Dark Reading: ".
Exploits give attackers a way to create havoc in business-critical SAP ERP, CRM, SCM, and other environments, Onapsis says.π Read
via "Dark Reading: ".
Darkreading
New Exploits For Old Configuration Issues Heighten Risk for SAP Customers
Exploits give attackers a way to create havoc in business-critical SAP ERP, CRM, SCM, and other environments, Onapsis says.
β Google rolling out auto-delete for your location and activity history β
π Read
via "Naked Security".
Auto-delete will hopefully please those of us who haven't already turned off location history altogether (for very good reason).π Read
via "Naked Security".
Naked Security
Google rolling out auto-delete for your location and activity history
Auto-delete will hopefully please those of us who havenβt already turned off location history altogether (for very good reason).
β Cybersecurity experts battle for right to repair β
π Read
via "Naked Security".
A battle rages between manufacturers and users over who can repair a product, with tech companies using security concerns as a weapon.π Read
via "Naked Security".
Naked Security
Cybersecurity experts battle for right to repair
A battle rages between manufacturers and users over who can repair a product, with tech companies using security concerns as a weapon.
β Cryptocoin theft, scam and fraud could total more than $1.2b in Q1 β
π Read
via "Naked Security".
Crooks have developed "ingenious" new ways to drain user accounts and wallets, CipherTrace says, prodding regulators into action.π Read
via "Naked Security".
Naked Security
Cryptocoin theft, scam and fraud could total more than $1.2b in Q1
Crooks have developed βingeniousβ new ways to drain user accounts and wallets, CipherTrace says, prodding regulators into action.
β Criminals are hiding in Telegram β but backdoors are not the answer β
π Read
via "Naked Security".
When it comes to an easy life, the criminals behind the fearful Anubis banking malware have become big fans of Twitter and, increasingly, the secure messaging of Telegram.π Read
via "Naked Security".
Naked Security
Criminals are hiding in Telegram β but backdoors are not the answer
When it comes to an easy life, the criminals behind the fearful Anubis banking malware have become big fans of Twitter and, increasingly, the secure messaging of Telegram.
π Why consumers still don't trust IoT devices π
π Read
via "Security on TechRepublic".
Privacy and security concerns frequently drive consumer smart device buying decisions, according to an Internet Society and Consumers International report.π Read
via "Security on TechRepublic".
TechRepublic
Why consumers still don't trust IoT devices
Privacy and security concerns frequently drive consumer smart device buying decisions, according to an Internet Society and Consumers International report.
π Why older employees are less likely to get tricked by phishing attacks π
π Read
via "Security on TechRepublic".
While Gen Zers think they won't fall for phishing scams, most don't even know what "phishing" means, according to a Google report.π Read
via "Security on TechRepublic".
TechRepublic
Why older employees are less likely to get tricked by phishing attacks
While Gen Zers think they won't fall for phishing scams, most don't even know what "phishing" means, according to a Google report.
π΄ How Storytelling Can Help Keep Your Company Safe π΄
π Read
via "Dark Reading: ".
Well-crafted narratives can help you win over users in the battle to develop a sustainable cybersecurity culture.π Read
via "Dark Reading: ".
Dark Reading
How Storytelling Can Help Keep Your Company Safe
Well-crafted narratives can help you win over users in the battle to develop a sustainable cybersecurity culture.