❌ High-Severity Bug Leaves Cisco TelePresence Gear Open to Attack ❌
📖 Read
via "Threatpost".
Cisco patches two high-severity bugs that could be exploited by remote attackers.📖 Read
via "Threatpost".
Threat Post
High-Severity Bug Leaves Cisco TelePresence Gear Open to Attack
Cisco patches two high-severity bugs that could be exploited by remote attackers.
❌ Oracle WebLogic Exploit-fest Continues with GandCrab Ransomware, XMRig ❌
📖 Read
via "Threatpost".
Snowballing attacks using a recently patched critical bug show no sign of abating.📖 Read
via "Threatpost".
Threat Post
Oracle WebLogic Exploit-fest Continues with GandCrab Ransomware, XMRig
Snowballing attacks using a recently patched critical bug show no sign of abating.
🔐 The dark web is smaller, and may be less dangerous, than we think 🔐
📖 Read
via "Security on TechRepublic".
Another Dark Web market has been closed, its leaders arrested. Law enforcement seems to be getting a handle on the Dark Web--is it really as big of a threat as it is made out to be?📖 Read
via "Security on TechRepublic".
TechRepublic
The Dark Web is smaller, and may be less dangerous, than we think
Another Dark Web market has been closed, and its leaders arrested. Law enforcement seems to be getting a handle on the Dark Web--is it really as big of a threat as it is made out to be?
ATENTION‼ New - CVE-2018-13990
📖 Read
via "National Vulnerability Database".
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-13983
📖 Read
via "National Vulnerability Database".
ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/index.php, htdocs/install/page_langselect.php, or htdocs/install/page_modcheck.php.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-13990
📖 Read
via "National Vulnerability Database".
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-13983
📖 Read
via "National Vulnerability Database".
ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/index.php, htdocs/install/page_langselect.php, or htdocs/install/page_modcheck.php.📖 Read
via "National Vulnerability Database".
🕴 Microsoft Debuts ElectionGuard to Secure Voting Processes 🕴
📖 Read
via "Dark Reading: ".
The new software development kit - free and open source - will be available to election officials and technology suppliers this summer.📖 Read
via "Dark Reading: ".
Dark Reading
Endpoint Security recent news | Dark Reading
Explore the latest news and expert commentary on Endpoint Security, brought to you by the editors of Dark Reading
🕴 'Matrix'-Themed Ransomware Variant Spreads 🕴
📖 Read
via "Dark Reading: ".
MegaCortex uses a compromised domain controller in its attack.📖 Read
via "Dark Reading: ".
Dark Reading
'Matrix'-Themed Ransomware Variant Spreads
MegaCortex uses a compromised domain controller in its attack.
🕴 Password Reuse, Misconfiguration Blamed for Repository Compromises 🕴
📖 Read
via "Dark Reading: ".
Armed with stolen credentials from another breach or from a misconfigured file, attackers delete developers' repositories on GitHub, Bitbucket, and GitLab, leaving behind ransom notes.📖 Read
via "Dark Reading: ".
Darkreading
Password Reuse, Misconfiguration Blamed for Repository Compromises
Armed with stolen credentials from another breach or from a misconfigured file, attackers delete developers' repositories on GitHub, Bitbucket, and GitLab, leaving behind ransom notes.
❌ WP Live Chat WordPress Plugin Re-Patches File Upload Flaw ❌
📖 Read
via "Threatpost".
After researchers were able to bypass a file upload validation flaw patch in WP Live Chat, a new patch has been issued.📖 Read
via "Threatpost".
Threat Post
WP Live Chat WordPress Plugin Re-Patches File Upload Flaw
After researchers were able to bypass a file upload validation flaw patch in WP Live Chat, a new patch has been issued.
🕴 Attackers Add a New Spin to Old Scams 🕴
📖 Read
via "Dark Reading: ".
Scammers are figuring out unique ways of abusing cloud services to make their attacks look more genuine, Netskope says.📖 Read
via "Dark Reading: ".
Darkreading
Attackers Add a New Spin to Old Scams
Scammers are figuring out unique ways of abusing cloud services to make their attacks look more genuine, Netskope says.
ATENTION‼ New - CVE-2017-18279
📖 Read
via "National Vulnerability Database".
Lack of check of buffer length before copying can lead to buffer overflow in camera module in Small Cell SoC, Snapdragon Mobile, Snapdragon Wear in FSM9055, FSM9955, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, SDM630, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2017-18278
📖 Read
via "National Vulnerability Database".
An integer underflow may occur due to lack of check when received data length from font_mgr_qsee_request_service is bigger than the minimal value of the segment header, which may result in a buffer overflow, in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2017-18276
📖 Read
via "National Vulnerability Database".
Secure camera logic allows display/secure camera controllers to access HLOS memory during secure display or camera session in Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2017-18275
📖 Read
via "National Vulnerability Database".
A new account can be inserted into simContacts service using Android command line tool in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2017-18274
📖 Read
via "National Vulnerability Database".
While iterating through the models contained in a fixed-size array in the actData structure, which also stores an incorrect number of models that is greater than the size of the array, a buffer overflow occurs in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2017-18173
📖 Read
via "National Vulnerability Database".
In case of using an invalid android verified boot signature with very large length, an integer underflow occurs in Snapdragon Mobile in SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 810, SD 820, SD 835, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2017-18157
📖 Read
via "National Vulnerability Database".
A Use After Free Condition can occur in Thermal Engine in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDX20.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2017-18156
📖 Read
via "National Vulnerability Database".
While processing camera buffers in camera driver, a use after free condition can occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 625, SD 820, SD 820A, SD 835, SDX20.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2017-18131
📖 Read
via "National Vulnerability Database".
In QTEE, an incorrect fuse value can be blown in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 820, SD 820A, SD 835, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016.📖 Read
via "National Vulnerability Database".