3954 matches found
Rockwell Automation/Allen-Bradley Multiple Devices Authentication Bypass (ICSA-18-310-02)
Binary data 720141.prm...
The vulnerability of the InnoDB component of the MySQL database management system, which allows a hacker to cause a service failure
The vulnerability of the InnoDB component of the MySQL database management system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to cause service failures using the MySQL protocol...
Malware targeting industrial plants: a threat to physical security
We live in a world where more and more manufacturing processes are controlled by computers that send instructions to robots. This might sound like a safe and efficient way of work, as it rules out human error, but what happens when a threat actor decides to target production servers? Consider the...
Preparing the Internet for the Next Mega DDoS Attack
When you think of a distributed denial-of-service DDoS attack at this point in the age of the internet, you might be thinking they’re old news. But when a multi-million-dollar business can be easily taken offline by an unskilled adversary and a $5 rent-a-DDoS service, I would argue that the issue...
The vulnerability of the RouterOS operating system, related to errors in the watchdog timer, allows a intruder to reboot the device.
The vulnerability of the RouterOS operating system is related to errors in the watchdog timer’s operation. This vulnerability allows a malicious actor to reboot the vulnerable device remotely...
TRITON Actor TTP Profile, Custom Attack Tools, Detections, and ATT&CK Mapping
Overview FireEye can now confirm that we have uncovered and are responding to an additional intrusion by the attacker behind TRITON at a different critical infrastructure facility. In December 2017, FireEye publicly released our first analysis on the TRITON attack where malicious actors used the...
Microsoft.ChakraCore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure Vulnerability'...
Session fixation
VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals. Successful exploitation of this issue may allow a malicious actor to access the Tenant or Provider Portals by impersonating a currently...
DART: the Microsoft cybersecurity team we hope you never meet
If you spent 270 days away from home, not on vacation, you’d want it to be for a good reason. When boarding a plane, sometimes having been pulled out of bed to leave family for weeks on end, I know it’s because one of our customers is in need. It means there is a security compromise and they may ...
VMSA-2019-0004:VMware vCloud Director for Service Providers update resolves a Remote Session Hijack vulnerability
VMSA-2019-0004 VMware vCloud Director for Service Providers update resolves a Remote Session Hijack vulnerability VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2019-0004 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: VMware vCloud Director for...
Are hackers gonna hack anymore? Not if we keep reusing passwords
Enterprises have a password problem, and it’s one that is making the work of hackers a lot easier. From credential stuffing to brute force and password spraying attacks, modern hackers don’t have to do much hacking in order to compromise internal corporate networks. Instead, they log in using wea...
CVE-2018-19391
Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persistent XSS, which could be exploited by an unauthenticated threat actor via the /index.lua?pageID=Phone%20book name field...
Cross site scripting
Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persistent XSS, which could be exploited by an unauthenticated threat actor via the /index.lua?pageID=Phone%20book name field...
CVE-2018-19391
Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persistent XSS, which could be exploited by an unauthenticated threat actor via the /index.lua?pageID=Phone%20book name field...
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark
In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application...
The vulnerability of Microsoft Exchange Server’s mail server, related to inadequate access control, allows a hacker to alter the access rights to files.
The vulnerability of Microsoft Exchange Server is related to lack of access control. Exploiting this vulnerability could allow a malicious actor to alter the access rights to files...
The vulnerability of the Microsoft SharePoint software package lies in errors related to the mechanism for checking the source markup of the application’s code. This allows a hacker to execute arbitrary code.
The vulnerability of the Microsoft SharePoint software package is related to errors in the mechanism for checking the source markup of the application’s code. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially crafted content...
Card-Skimming Scripts Hide Behind Google Analytics, Angular
A host of credit card-stealing scripts have popped up on the web, injected into websites and purporting to be legitimate Google Analytics or Angular utilities in order to avoid webmaster notice. According to research from Sucuri, the malicious code is obfuscated and injected into legitimate JS...
CVE-2019-7728
An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to improperly implemented TLS certificate checks, a malicious actor could potentially succeed in executing a man-in-the-middle attack for some connections. The Bosch Smart Home App is not affected. iOS Apps are no...
The vulnerability of the Outside In Filters component within the software development kit (SDK) of Outside In Technology allows a hacker to trigger a service failure.
The vulnerability of the Outside In Filters component within the software development kit SDK of Outside In Technology is related to insufficient access control. Exploiting this vulnerability could allow a malicious actor to cause service interruptions using the HTTP protocol...