ATENTIONβΌ New - CVE-2018-10695
π Read
via "National Vulnerability Database".
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides alert functionality so that an administrator can send emails to his/her account when there are changes to the device's network. However, the same functionality allows an attacker to execute commands on the device. The POST parameters "to1,to2,to3,to4" are all susceptible to buffer overflow. By crafting a packet that contains a string of 678 characters, it is possible for an attacker to execute the attack.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-10694
π Read
via "National Vulnerability Database".
An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default. An administrator who uses the open wireless connection to set up the device can allow an attacker to sniff the traffic passing between the user's computer and the device. This can allow an attacker to steal the credentials passing over the HTTP connection as well as TELNET traffic. Also an attacker can MITM the response and infect a user's computer very easily as well.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-10693
π Read
via "National Vulnerability Database".
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "srvName" is susceptible to a buffer overflow. By crafting a packet that contains a string of 516 characters, it is possible for an attacker to execute the attack.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-10692
π Read
via "National Vulnerability Database".
An issue was discovered on Moxa AWK-3121 1.14 devices. The session cookie "Password508" does not have an HttpOnly flag. This allows an attacker who is able to execute a cross-site scripting attack to steal the cookie very easily.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-10691
π Read
via "National Vulnerability Database".
An issue was discovered on Moxa AWK-3121 1.14 devices. It is intended that an administrator can download /systemlog.log (the system log). However, the same functionality allows an attacker to download the file without any authentication or authorization.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-10690
π Read
via "National Vulnerability Database".
An issue was discovered on Moxa AWK-3121 1.14 devices. The device by default allows HTTP traffic thus providing an insecure communication mechanism for a user connecting to the web server. This allows an attacker to sniff the traffic easily and allows an attacker to compromise sensitive data such as credentials.π Read
via "National Vulnerability Database".
π Seriously, stop using qwerty as a password--enlist these password strategies instead π
π Read
via "Security on TechRepublic".
Users understand that their passwords or security protocols are weak, but they may not understand the consequences until it's too late.π Read
via "Security on TechRepublic".
TechRepublic
Seriously, stop using qwerty as a password--enlist these password strategies instead
Users understand that their passwords or security protocols are weak, but they may not understand the consequences until it's too late.
β Monday review β the hot 21 stories of the week β
π Read
via "Naked Security".
From the vulnerable Windows RDS 'feature' to the privacy of US visa applicants - and everything in between. It's weekly roundup time.π Read
via "Naked Security".
Naked Security
Monday review β the hot 21 stories of the week
From the vulnerable Windows RDS βfeatureβ to the privacy of US visa applicants β and everything in between. Itβs weekly roundup time.
β Online shops fear 2FA at checkout will increase abandoned carts β
π Read
via "Naked Security".
A report says the EU will lose $64b per year once new 2FA rules go into effect, but we support Strong Customer Authentication (SCA) wholeheartedly.π Read
via "Naked Security".
Naked Security
Online shops fear 2FA at checkout will increase abandoned carts
A report says the EU will lose $64b per year once new 2FA rules go into effect, but we support Strong Customer Authentication (SCA) wholeheartedly.
β Laptops used in 2016 NC poll to be examined by Feds β after 2.5 years β
π Read
via "Naked Security".
The e-voting vendor in North Carolina was spearphished days before the election but still went ahead and used remote access software.π Read
via "Naked Security".
Naked Security
Laptops used in 2016 NC poll to be examined by feds β after 2.5 years
The e-voting vendor in North Carolina was spearphished days before the election but still went ahead and used remote access software.
β Cryptocurrency attack thwarted by npm team β
π Read
via "Naked Security".
Cryptocurrency users narrowly escaped losing all their funds last week after an attacker poisoned a digital wallet with malicious code that stole their blockchain access details.π Read
via "Naked Security".
Naked Security
Cryptocurrency attack thwarted by npm team
Cryptocurrency users narrowly escaped losing all their funds last week after an attacker poisoned a digital wallet with malicious code that stole their blockchain access details.
β The GoldBrute botnet is trying to crack open 1.5 million RDP servers β
π Read
via "Naked Security".
Even its most optimistic users would have to concede that itβs been a bracing few weeks for anyone who relies on Microsoftβs Remote Desktop Protocol (RDP).π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ Black Hat USA Offers Fresh Perspectives on Enterprise Cybersecurity π΄
π Read
via "Dark Reading: ".
Learn new enterprise-grade techniques for identifying vulnerabilities, improving Active Directory security, and building trust with customers at Black Hat USA this summer.π Read
via "Dark Reading: ".
Dark Reading
Black Hat USA Offers Fresh Perspectives on Enterprise Cybersecurity
Learn new enterprise-grade techniques for identifying vulnerabilities, improving Active Directory security, and building trust with customers at Black Hat USA this summer.
π΄ Unmixed Messages: Bringing Security & Privacy Awareness Together π΄
π Read
via "Dark Reading: ".
Security and privacy share the same basic goals, so it just makes sense to combine efforts in those two areas. But that can be easier said than done.π Read
via "Dark Reading: ".
Dark Reading
Unmixed Messages: Bringing Security & Privacy Awareness Together
Security and privacy share the same basic goals, so it just makes sense to combine efforts in those two areas. But that can be easier said than done.
β Microsoft warns of time-travelling equation exploit β are you safe? β
π Read
via "Naked Security".
An Office bug that was squashed back in 2017 is still in widespread use - make sure your computer hasn't slipped through the patch cracks!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β VLC Player Gets Patched for Two High-Severity Bugs β
π Read
via "Threatpost".
Popular media player receives 33 security bug fixes, two of which are rated high severity.π Read
via "Threatpost".
Threat Post
VLC Player Gets Patched for Two High-Severity Bugs
Popular media player receives 33 security bug fixes, two of which are rated high severity.
π΄ 'Lone Wolf' Scammer Built a Multifaceted BEC Cybercrime Operation π΄
π Read
via "Dark Reading: ".
A one-man 419 scam evolved into a lucrative social-engineering syndicate over the past decade that conducts a combination of business email compromise, romance, and financial fraud.π Read
via "Dark Reading: ".
Dark Reading
'Lone Wolf' Scammer Built a Multifaceted BEC Cybercrime Operation
A one-man 419 scam evolved into a lucrative social-engineering syndicate over the past decade that conducts a combination of business email compromise, romance, and financial fraud.
π How to integrate Spamassassin with Postfix Mail Server π
π Read
via "Security on TechRepublic".
The task of preventing the never-ending flow of spam gets a bit simpler with Spamassassin and Postfix.π Read
via "Security on TechRepublic".
π Want less spam? Learn how to integrate Spamassassin with Postfix Mail Server π
π Read
via "Security on TechRepublic".
The task of preventing the never-ending flow of spam gets a bit simpler with Spamassassin and Postfix.π Read
via "Security on TechRepublic".
TechRepublic
Want less spam? Learn how to integrate Spamassassin with Postfix Mail Server
The task of preventing the never-ending flow of spam gets a bit simpler with Spamassassin and Postfix.