HP Silently Installs Telemetry Bloatware On Your PC—Here's How to Remove It

Do you own a Hewlett-Packard HP Windows PC or laptop? Multiple HP customers from around the world are reporting that HP has started deploying a "spyware" onto their laptops—without informing them or asking their permission. The application being branded as spyware is actually a Windows Telemetry...

Moderate: Red Hat Security Advisory: openstack-aodh security update

An update for openstack-aodh is now available for Red Hat OpenStack Platform 10.0 Newton. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Cesanta Mongoose MQTT Information Disclosure Vulnerability

Cesanta Mongoose is a suite of embedded servers from Cesanta, Ireland. An information disclosure vulnerability exists in the MQTT packet parsing feature in Cesanta Mongoose version 6.8. An attacker can exploit this vulnerability by sending specially crafted MQTT packets to obtain information or...

Cesanta Mongoose MQTT Remote Code Execution Vulnerability (CNVD-2017-33389)

Cesanta Mongoose is a suite of embedded servers from Cesanta, Ireland. A remote code execution vulnerability exists in the MQTT packet parsing feature in Cesanta Mongoose version 6.8. A remote attacker can exploit this vulnerability by sending specially crafted MQTT packets to execute code...

OnePlus Secretly Collects Way More Data Than It Should — Here’s How to Disable It

There is terrible news for all OnePlus lovers. Your OnePlus handset, running OxygenOS—the company's custom version of the Android operating system, is collecting way more data on its users than it requires. A recent blog post published today by security researcher Christopher Moore on his website...

WebBreaker - Dynamic Application Security Test Orchestration (DASTO)

Build functional security testing, into your software development and release cycles! WebBreaker provides the capabilities to automate and centrally manage Dynamic Application Security Testing DAST as part of your DevOps pipeline. WebBreaker truly enables all members of the Software Security...

CVE-2017-9645

An Inadequate Encryption Strength issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants including RSD31-AM Package, DRM-1/2 and variants including Solar PWR Package, DRM and RDS Based Boundary Monitors, External Transmitters,...

CVE-2017-9645

An Inadequate Encryption Strength issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants including RSD31-AM Package, DRM-1/2 and variants including Solar PWR Package, DRM and RDS Based Boundary Monitors, External Transmitters,...

Unspecified Vulnerability in Philips' IntelliView MX40 Patient Worn Monitor (CNVD-2017-26427)

The MX40 Patient Worn Monitor is primarily used as a traditional telemetry medical device as part of a surveillance and alarm system. Under certain 802.11 network conditions, when hospital staff reset the device and re-establish it to a Wi-Fi access point, the MX40 can connect to an alternate...

Microsoft Exchange Information Disclosure Vulnerability

An input sanitization issue exists with Microsoft Exchange that could potentially result in unintended Information Disclosure. An attacker who successfully exploited the vulnerability could identify the existence of RFC1918 addresses on the local network from a client on the Internet. An attacker...

Malware vaccination tricks: blue pills or red pills

First, let me explain what I mean by malware vaccination tricks. Most of you will have heard about some of these. Vaccination tricks are in fact techniques that use safety checks done by malware against that same malware. The malware checks for the presence of certain files or registry keys as a...

What makes a good "DNS Blacklist"? - Part 1

Reflections on Modern Actionable Threat Intelligence used to turn a DNS Resolver into a Critical Security Tool Akamai has just launched the Enterprise Threat Protection ETP platform. ETP is built on Akamai's global AnswerX Cloud that now reaches 28 countries and is expanding to new countries ever...

Mirion Technologies Telemetry Enabled Devices Denial of Service Vulnerability

Mirion Technologies is the source for solutions for nuclear energy, military, radiation detection and monitoring. The Mirion Technologies Telemetry Enabled Devices denial of service vulnerability can be exploited by attackers to transmit fraudulent data or perform a denial of service...

USN-3374-1 rabbitmq-server vulnerability

It was discovered that RabbitMQ incorrectly handled MQTT MQ Telemetry Transport authentication. A remote attacker could use this issue to authenticate successfully with an existing username by omitting the password...

Mirion Technologies Telemetry Enabled Devices

CVSS v3 5.0 Vendor: Mirion Technologies Equipment: Telemetry Enabled Devices Vulnerabilities: Use of Hard-Coded Cryptographic Key, Inadequate Encryption Strength AFFECTED PRODUCTS The following telemetry enabled devices are affected: DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-3...

The MeDoc Connection

This Post Authored by David Maynor, Aleksandar Nikolic, Matt Olney, and Yves YounanSummaryThe Nyetya attack was a destructive ransomware variant that affected many organizations inside of Ukraine and multinational corporations with operations in Ukraine. In cooperation with Cisco Advanced Service...

Solution Corner: Malwarebytes Endpoint Protection

We’ve been busy here at Malwarebytes with several product announcements recently. Malwarebytes Incident Response was released in late April, providing threat detection and remediation via our new cloud-based platform. Right on its heels, leveraging the same platform is Malwarebytes Endpoint...

Low: Red Hat Security Advisory: openstack-heat security and bug fix update

An update for openstack-heat is now available for Red Hat OpenStack Platform 8.0 Liberty. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Endpoint Security Platform: Lima Charlie

LIMA CHARLIE is an endpoint security platform. It is itself a collection of small projects all working together to become the LC platform. LC gives you a cross-platform Windows, OSX, Linux, Android and iOS low-level environment allowing you to manage and push in memory additional modules to. The...

Microsoft Unveils Special Version of Windows 10 For Chinese Government

China is very strict about censorship, which is why the country has become very paranoid when it comes to adopting foreign technologies. The country banned Microsoft's Windows operating system on government computers in 2014 amid concerns about security and US surveillance. Even in the wake of...