Category: Vulnerabilities


Network security, Vulnerabilities

How to Keep Up Security in a Bug-Infested World

September 28, 2018

Via: Dark Reading

Good digital hygiene will lower your risk, and these six tips can help. This past April saw a milestone: the 100,000th common vulnerability and exposure (CVE). Although we’ve hit a major mark in CVE identifiers, Cisco found that the total […]


Vulnerabilities

Malware on SHEIN Servers Compromises Data of 6.4M Customers

September 27, 2018

Via: Threat Post

A data breach targeting women’s apparel giant SHEIN occurred between June and August 2018. Email addresses and encrypted passwords of over 6.4 million SHEIN customers were stolen over the summer after the women’s retailer said it suffered a “concerted criminal […]


Application security, Vulnerabilities

Your Web Applications Are More Vulnerable Than You Think

September 25, 2018

Via: Security Intelligence

A recent study shined a light on an attack vector that is often overlooked: the insecurity of web applications. According to the report, issued by Positive Technologies, 44 percent of web applications are vulnerable to data leakage and security problems. […]


Vulnerabilities

Cisco Patches Code Execution in Webex Player

September 21, 2018

Via: Security Week

Cisco this week addressed vulnerabilities in the Webex Network Recording Player for Advanced Recording Format (ARF) that could allow a remote attacker to execute arbitrary code on a targeted system. The Webex Meetings Server is a multimedia conferencing solution that […]


Vulnerabilities

Rockwell Automation Patches Severe Flaws in Communications Software

September 21, 2018

Via: Security Week

Rockwell Automation has patched several critical and high severity vulnerabilities in its RSLinx Classic communications software. RSLinx Classic is a widely used piece of software that allows organizations to connect Logix5000 programmable automation controllers to various Rockwell applications, including for […]


Phishing, Vulnerabilities

Threats posed by using RATs in ICS

September 20, 2018

Via: Securelist

While conducting audits, penetration tests and incident investigations, we have often come across legitimate remote administration tools (RAT) for PCs installed on operational technology (OT) networks of industrial enterprises. In a number of incidents that we have investigated, threat actors […]


Mobile security, Vulnerabilities

CSS-Based Attack Causes iOS, macOS Devices to Crash

September 18, 2018

Via: Threat Post

The attack stems from a glitch in WebKit, an HTML layout browser engine in Apple’s Safari browser. A newly-revealed proof-of-concept attack can cause iOS devices to crash or restart with a mere 15 lines of code, a researcher disclosed over […]


Vulnerabilities

Zero-Day Bug Allows Hackers to Access CCTV Surveillance Cameras

September 18, 2018

Via: Threat Post

Firmware used in up to 800,000 CCTV cameras open to attack thanks to buffer overflow zero-day bug. Between 180,000 and 800,000 IP-based closed-circuit television cameras are vulnerable to a zero-day vulnerability that allows hackers to access surveillance cameras, spy on […]


Vulnerabilities

Facebook Offers Rewards for Access Token Exposure Flaws

September 18, 2018

Via: Security Week

Facebook announced on Monday that it has expanded its bug bounty program to introduce rewards for reports describing vulnerabilities that involve the exposure of user access tokens. Access tokens allow users to log into third-party applications and websites through Facebook. […]


Vulnerabilities

Privilege Escalation Vulnerability Found in Honeywell Android Computers

September 17, 2018

Via: Hot for Security

A total of 17 Honeywell handheld computers were recently found vulnerable to a privilege escalation bug that could enable attackers to fully compromise the device and its stored data. The remotely exploitable vulnerability (CVE-2018-14825) has been tagged as “Improper Privilege […]