505 matches found
CVE-2015-0728
Cross-site scripting (XSS) vulnerability in Cisco Access Control Server (ACS) 5.50.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuu11002...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Cisco Access Control Server (ACS) 5.50.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuu11002...
Cisco Access Control Server File Inclusion Vulnerability
A vulnerability in Cisco Access Control Server (ACS) could allow an unauthenticated, remote attacker to perform a file inclusion attack. The vulnerability is due to improper input validation of certain parameters passed to an affected device. An attacker could exploit this vulnerability by convinci...
Cisco Access Control Server Cross-Site Scripting Vulnerability
A vulnerability in Cisco Access Control Server (ACS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to improper input validation of certain parameters passed to an affected device. An attacker could exploit this vulnerability b...
CVE-2015-0700
Cross-site request forgery (CSRF) vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine before 5.5(0.46.5) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj62924...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine before 5.5(0.46.5) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj62924...
CVE-2015-0700
Cisco Secure Access Control Server Solution Engine Dashboard page in the monitoring-and-report section is affected by a CSRF vulnerability (CVE-2015-0700) prior to 5.5(0.46.5). An unauthenticated remote attacker can lure a user to a malicious link to perform actions in the context of that user. R...
New Evasion Techniques Help AlienSpy RAT Spread Citadel Malware
Hackers have co-opted AlienSpy, a remote access tool, to deliver the Citadel banking Trojan and establish backdoors inside a number of critical infrastructure operations. AlienSpy is a descendent of the Adwind, Unrecom and Frutas Java-based remote access Trojans, according to security company...
CVE-2014-5427
CVE-2014-5427 affects Johnson Controls Metasys 4.1–6.5 (ADS, ADX, LCS8520, NAE 55xx-x, NIE 5xxx-x, NxE8500). A remote, unauthenticated attacker can read password hashes via a POST request, exposing credentials and affecting confidentiality. Connected sources indicate multiple advisories and a pat...
CVE-2014-5428
Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration...
CVE-2014-2130
Cisco Secure Access Control Server (ACS) provides an unintentional administration web interface based on Apache Tomcat, which allows remote authenticated users to modify application files and configuration files, and consequently execute arbitrary code, by leveraging administrative privileges, aka...
Cisco Secure Access Control Server Multiple Cross-Site Scripting Vulnerabilities
A vulnerability in the web framework of Cisco Secure Access Control Server (ACS) could allow an unauthenticated, remote attacker to perform multiple cross-site scripting (XSS) attacks against a user of the web interface on the affected system. The vulnerability is due to insufficient input validation...
Cisco Secure Access Control Server Elevation of Privilege Vulnerability
Cisco Secure ACS (Access Control Server) is a multifunction AAA authentication server. An elevation of privilege vulnerability exists in Cisco Secure Access Control Server, which allows remote authenticated users to gain network device administrator privileges via crafted HTTP requests to create,...
Cybercrime Group Preys on Wall Street Insider Information
A criminal hacking group with an innate understanding of how Wall Street moves and what influences stock prices has found a soft spot in more than 100 publicly traded companies and is stealing, among other data, mergers and acquisitions intelligence. The group is homed in on healthcare and...
Matsnu Botnet DGA Builds Domains From List of Nouns, Verbs
Domain generation algorithms have been botmasters’ favorite tool for keeping malware up and running—and for frustrating security researchers and detection technologies. Like malware, DGAs evolve, thus complicating an already tricky cat-and-mouse game between criminals and white hats. The latest i...
Watering Hole Attack Targets Automotive, Aerospace Industries
Attackers managed to load malware onto the website of a prominent company involved in the development of simulation and systems engineering software widely used within the automotive, aerospace and manufacturing industries. These types of attacks are referred to as watering holes because, like a...
CryptoWall Ransomware Earns $1.1M, Encrypts 5 Billion Files
CryptoWall is a million-dollar business. The file-encrypting ransomware has netted the criminal gang responsible for its development and dispersal, more than $1.1 million in the six months it’s been in the wild, researchers at Dell SecureWorks’ Counter Threat Unit said in a report this week. The...
Koler Android Ransomware Infrastructure Complex and Agile
While the Koler ransomware may be a simplistic money-generating malware scam, the infrastructure standing up its campaigns is anything but. Researchers at Kaspersky Lab published a report today that not only explained details of how the attackers—possibly the group behind the Reveton...