Medtronic N'vision Clinician Programmer Security Vulnerabilities

[SECURITY] Fedora 31 Update: libssh-0.9.4-2.fc31

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, tra nsfer files, use a secure and transparent tunnel for your remote...

Webkiller v2.0 - Tool Information Gathering

Tool Information Gathering Write With Python. PreView ██╗ ██╗███████╗██████╗ ██╗ ██╗██╗██╗ ██╗ ███████╗██████╗ ██║ ██║██╔════╝██╔══██╗██║ ██╔╝██║██║ ██║ ██╔════╝██╔══██╗ ██║ █╗ ██║█████╗ ██████╔╝█████ ;╔╝ ██║██║ ██║ █████╗ ██████╔╝ ...

French Firms Rocked by Kasbah Hacker?

A large number of French critical infrastructure firms were hacked as part of an extended malware campaign that appears to have been orchestrated by at least one attacker based in Morocco, KrebsOnSecurity has learned. An individual thought to be involved has earned accolades from the likes of...

Medtronic Patches Implanted Device, CareLink Programmer Bugs

Medtronic has released updates to address known vulnerabilities in its line of connected medical devices that were initially disclosed last year and in 2018. The vendor has addressed two sets of bugs. The first group, disclosed in March of last year, is found in a range of Medtronic implanted...

Medtronic 2090 Carelink Programmer Vulnerabilities (Update C)

EXECUTIVE SUMMARY CVSS v3 7.1 Vendor: Medtronic Equipment: 2090 CareLink Programmer, 29901 Encore Programmer Vulnerabilities: Storing Passwords in a Recoverable Format, Relative Path Traversal, Improper Restriction of Communication Channel to Intended Endpoints 2. UPDATE INFORMATION This...

Fedora Update for limnoria FEDORA-2019-7c3227fea5

The remote host is missing an update for...

Fedora Update for libssh FEDORA-2019-8b0ad69829

The remote host is missing an update for...

Remote iPhone Exploitation Part 3: From Memory Corruption to JavaScript and Back -- Gaining Code Execution

Posted by Samuel Groß, Project Zero This is the third and last post in a series about a remote, interactionless iPhone exploit over iMessage. The first blog post introduced the exploited vulnerability, and the second blog post described a way to perform a heapspray, leaking the shared cache base...

Fedora Update for libssh FEDORA-2019-46b6bd2459

The remote host is missing an update for...

[SECURITY] Fedora 30 Update: libssh-0.9.3-1.fc30

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, tra nsfer files, use a secure and transparent tunnel for your remote...

[SECURITY] Fedora 31 Update: libssh-0.9.3-1.fc31

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, tra nsfer files, use a secure and transparent tunnel for your remote...

Ruby on Rails: Prevent XSS when passing a parameter directly into link_to

Note: I would say this is perhaps more of a feature request than an actual vulnerability, but Rafael França deleted this from GitHub and asked to submit it here instead In a rails views it's easy to accidentally create an XSS vulnerability by using the following in a template: <%= link_to 'Back'...

Hacking Hardware Password Managers: Royal Vault Password Keeper

TL;DR: Taking three hardware password managers I used them to: Learn the basics of hardware hacking Practice disassembling Perform chipset research Understand pinouts and protocols Read data off each device The royal password vault boards looked to be reused from a previous hardware device with...

Fedora Update for limnoria FEDORA-2019-742811fc22

The remote host is missing an update for...

Fedora Update for limnoria FEDORA-2019-789f4e5494

The remote host is missing an update for...

[SECURITY] Fedora 29 Update: limnoria-20191109-2.fc29

Supybot is a robust (it doesn't crash), user friendly (it's easy to configure) and programmer friendly (plugins are extremely easy to write) Python IRC bot. It aims to be an adequate replacement for most existing IRC bots. It includes a very flexible and powerful ACL system for controlling access.....

[SECURITY] Fedora 31 Update: limnoria-20191109-2.fc31

Supybot is a robust (it doesn't crash), user friendly (it's easy to configure) and programmer friendly (plugins are extremely easy to write) Python IRC bot. It aims to be an adequate replacement for most existing IRC bots. It includes a very flexible and powerful ACL system for controlling access.....

[SECURITY] Fedora 30 Update: limnoria-20191109-2.fc30

Supybot is a robust (it doesn't crash), user friendly (it's easy to configure) and programmer friendly (plugins are extremely easy to write) Python IRC bot. It aims to be an adequate replacement for most existing IRC bots. It includes a very flexible and powerful ACL system for controlling access.....

OMRON CX-One CX-Programmer Program Use after Free (CVE-2019-6556)

A use-after-free vulnerability exists in OMRON CX-One CX-Programmer module. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected...

Omron Cx-programmer Exposure of Sensitive Information to an Unauthorized Actor

Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 use a reversible format for password storage in object files on Compact Flash cards, which makes it easier for local users to obtain sensitive information by reading a...

Omron Cx-programmer Exposure of Sensitive Information to an Unauthorized Actor

Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock...

IoT-Implant-Toolkit - Toolkit For Implant Attack Of IoT Devices

IoT-Implant-Toolkit is a framework of useful tools for malware implantation research of IoT devices. It is a toolkit consisted of essential software tools on firmware modification, serial port debugging, software analysis and stable spy clients. With an easy-to-use and extensible shell-like...

Programmer hacks his attacker; releases decryption keys for Mushtik ransomware

By Sudais "Hey guys, I hacked back this criminal and got the whole database with (Mushtik ransomware) keys." The last laugh - it's something that everyone would like to have. Turns out, a German programmer by the name of Tobias Fromel had it in a very dramatic fashion. It all started when he was...

Fenrir - Simple Bash IOC Scanner

Fenrir is a simple IOC scanner bash script. It allows scanning Linux/Unix/OSX systems for the following Indicators of Compromise (IOCs): Hashes MD5, SHA1 and SHA256 (using md5sum, sha1sum, sha -a 256) File Names string - checked for substring of the full path, e.g. "temp/p.exe" in...

US Sanctions 3 North Korean Hacking Groups Accused for Global Cyber Attacks

The United States Treasury Department on Friday announced sanctions against three state-sponsored North Korean hacking groups for conducting several destructive cyberattacks on US critical infrastructure. Besides this, the hacking groups have also been accused of stealing possibly hundreds of...

When Biology Becomes Software

All of life is based on the coordinated action of genetic parts (genes and their controlling sequences) found in the genomes (the complete DNA sequence) of organisms. Genes and genomes are based on code-- just like the digital language of computers. But instead of zeros and ones, four DNA letters.....

Btlejack - Bluetooth Low Energy Swiss-army Knife

Btlejack provides everything you need to sniff, jam and hijack Bluetooth Low Energy devices. It relies on one or more BBC Micro:Bit. devices running a dedicated firmware. You may also want to use an Adafruit's Bluefruit LE sniffer or a nRF51822 Eval Kit, as we added support for these devices....

News Wrap: Dentist Offices Hit By Ransomware, Venmo Faces Privacy Firestorm

In this week’s news wrap podcast, editor Lindsey O’Donnell and Tara Seals break down the top news of the week – from ransomware attacks to companies responding to outcry over privacy issues. Top stories include: Ring announced it is working with more than 400 US police departments to streamline...

Venmo's Public Transactions Policy Stirs Privacy Concerns

Your simple $5 Venmo payment to a friend after splitting a pizza could easily expedite various malicious attacks, from stalking to spear-phishing, according to researcher concerns. Many have weighed in on Venmo’s privacy practices, but the latest are Mozilla Foundation and the Electronic Frontier.....

How much personalization is too much?

This story originally ran in The Parallax on January 25, 2019, and was written by Dan Tynan. In 2012, when Target used data analytics to identify customers who were expecting a baby, then mailed them coupons for maternity clothing and nursery furniture, it inadvertently revealed a teenage girl’s...

DEF CON 2019: Researchers Demo Hacking Google Home for RCE

LAS VEGAS – The Tencent Blade Team of researchers demonstrated several ways they have developed to hack and run remote code on Google Home smart speakers. The hacks center around what is known as a Magellan vulnerability, which can be used to exploit the massively popular SQLite database engine....

Avaya Deskphone: Decade-Old Vulnerability Found in Phone's Firmware

ARCHIVED STORY Avaya Deskphone: Decade-Old Vulnerability Found in Phone’s Firmware By Philippe Laulheret · August 08, 2019 Avaya is the second largest VOIP solution provider (source) with an install base covering 90% of the Fortune 100 companies (source), with products targeting a wide spectrum...

Avaya Deskphone: Decade-Old Vulnerability Found in Phone's Firmware

ARCHIVED STORY Avaya Deskphone: Decade-Old Vulnerability Found in Phone’s Firmware By Philippe Laulheret · August 08, 2019 Avaya is the second largest VOIP solution provider (source) with an install base covering 90% of the Fortune 100 companies (source), with products targeting a wide spectrum...

Software Developers and Security

According to a survey: "68% of the security professionals surveyed believe it's a programmer's job to write secure code, but they also think less than half of developers can spot security holes." And that's a problem. Nearly half of security pros surveyed, 49%, said they struggle to get...

Siemens Contractor Pleads Guilty to Planting 'Logic Bomb' in Spreadsheets

A former Siemens contractor has pledged guilty in federal court Friday to secretly planting code in automated spreadsheets he had created for the company over a decade ago that deliberately crashes the program every few years. David Tinley, a 62-year-old resident of Harrison City, Pennsylvania,...

Microsoft Windows Task Scheduler Privilege Escalation Vulnerability

Microsoft Windows Task Scheduler suffers from a local privilege escalation vulnerability. The Windows MMC auto-elevates members of the 'administrators' group via the GUI and MMC snap-ins (via mmc.exe) automatically elevate without prompting UAC potentially leading to unintentional elevation of...

Bug in Anesthesia Respirators Allows Cyber-Tampering

A vulnerability in GE Healthcare’s Aestiva and Aespire anesthesia devices would allow an unauthenticated cybercriminal on the same network as the device to modify gas composition parameters within the devices’ respirator function, thus changing sensor readings for gas density. According to GE...

How we hacked our colleague’s smart home

In this article, we publish the results of our study of the Fibaro Home Center smart home. We identified vulnerabilities in Fibaro Home Center 2 and Fibaro Home Center Lite version 4.540, as well as vulnerabilities in the online API. An offer you cannot refuse The backbone of any technology...

Ewon Flexy IoT Router. A Deep dive

First off I would like to thank the techs at PTP for their insights and help during this process. I know what I know, and I don't know what I don’t know, so I asked for help sometimes. I've learned a lot from this project e.g. how XOR works, and how to use IDA to analyse ARM binaries better, so I.....

Hunting COM Objects

COM objects have recently been used by penetration testers, Red Teams, and malicious actors to perform lateral movement. COM objects were studied by several other researchers in the past, including Matt Nelson (enigma0x3), who published a blog post about it in 2017. Some of these COM objects were.....

HiddenWall - Linux Kernel Module Generator For Custom Rules With Netfilter (Block Ports, Hidden Mode, Rootkit Functions, Etc)

HiddenWall is a Linux kernel module generator for custom rules with netfilter. (block ports, Hidden mode, rootkit functions etc). The motivation: on bad situation, attacker can put your iptables/ufw to fall... but if you have HiddenWall, the attacker will not find the hidden kernel module that...

[SECURITY] Fedora 30 Update: rubygem-rails-5.2.3-1.fc30

Ruby on Rails is a full-stack web framework optimized for programmer happin ess and sustainable productivity. It encourages beautiful code by favoring convention over...

Fedora Update for rubygem-rails FEDORA-2019-1cfe24db5c

The remote host is missing an update for...

Omron Multiple Products Reversible Password Storage

Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 use a reversible format for password storage in object files on Compact Flash cards, which makes it easier for local users to obtain sensitive information by reading a...

Omron CP1W-CIF41 Communications Adapter Detection

A CP1W-CIF41 with model number CP1W-CIF41 has been detected. It is described by Omron as Ethernet Option Board - One Ethernet Option Board can be mounted to the Option Board slot. CP1E CPU Units are supported by CP1W-CIF41 version 2.0 or higher. When using CP1W-CIF41, CX-Programmer version 9.12 or....

Omron Multiple Products Cleartext Transmission

Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock...

Fedora Update for libssh FEDORA-2018-6b390ceb36

The remote host is missing an update for...

Fedora Update for meson FEDORA-2019-27e7b92407

The remote host is missing an update for...

CARBANAK Week Part Three: Behind the CARBANAK Backdoor

We covered a lot of ground in Part One and Part Two of our CARBANAK Week blog series. Now let's take a look back at some of our previous analysis and see how it holds up. In June 2017, we published a blog post sharing novel information about the CARBANAK backdoor, including technical details,...

[SECURITY] Fedora 29 Update: meson-0.50.0-4.fc29

Meson is a build system designed to optimize programmer productivity. It aims to do this by providing simple, out-of-the-box support for modern software development tools and practices, such as unit tests, coverage reports, Valgrind, CCache and the...