61 matches found
CVE-2017-9638
Mitsubishi E-Designer, Version 7.52 Build 344 contains six code sections which may be exploited to overwrite the stack. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash...
CVE-2017-9634
Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sections which may be exploited to allow an attacker to overwrite arbitrary memory locations. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash...
Feds Take On Foreign Hackers, While 880K Orbitz Customers “Likely” Affected by Data Breach
In this edition of Qualys’ infosec news digest, we look at Orbitz’s data breach, AMD’s vulnerabilities controversy, and recent actions by the U.S. government against alleged Russian and Iranian cyber spies. Orbitz was kinda, sorta, maybe hacked Orbitz disclosed last week that personal information...
The seven most colossal data breaches of 2017
By Logan Strain If it seems like the words “leak,” “compromised data,” and “breach” are constantly in the news, it’s not just you. The frequency of major data breaches is increasing. According to the Identity Theft Resource Center, the number of breaches is expected to top 1,500 in 2017. That’s a...
CVE-2017-10310
Vulnerability in the Oracle Hyperion Financial Reporting component of Oracle Hyperion subcomponent: Security Models. The supported version that is affected is 11.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion...
CVE-2017-10185
Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite subcomponent: User Management. Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTT...
Shadow Brokers, Who Leaked WannaCry SMB Exploit, Are Back With More 0-Days
The infamous hacking collective Shadow Brokers – the one who leaked the Windows SMB exploit in public that led to last weekend's WannaCrypt menace – are back, this time, to cause more damage. In typically broken English, the Shadow Brokers published a fresh statement with full of frustration a fe...
CVE-2017-3593
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware subcomponent: Advanced UI. Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP ...
CVE-2017-3533
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker wi...
CVE-2017-3362
Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite subcomponent: User Interface. Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracl...
Breach Database Site 'LeakedSource' Goes Offline After Alleged Police Raid
The biggest mistake companies make with data security is leaving all their secrets unprotected at one place, which if attacked, they are all gone in one shot. An unnamed law enforcement agency has reportedly accessed billions of compromised usernames, email IDs, and their passwords, collected by...
Hollywood Hospital Pays $17,000 Ransom to Hacker for Unlocking Medical Records
Ransomware has seriously turned on to a noxious game of Hackers to get paid effortlessly. Once again the heat was felt by the Los Angeles-based Presbyterian Medical Center when a group of hackers had sealed all its sensitive files and demanded $17,000 USD to regain the access to those compromised...
Hacking Team Says It Always Sold 'Strictly Within the Law'
Hacking Team officials are disputing reports that the company sold its surveillance and intrusion software to oppressive regimes in countries that were under sanction. The company said it sold its products “strictly within the law and regulation as it applied at the time any sale was made.” The n...
Data Breaches Show Difficulty of Defenders' Task
When attackers broke into the network of the University of Maryland last month, the university’s wasn’t sure how to react. The organization had never had a major security incident before, and this one qualified as major: 310,000 Social Security numbers and other information was gone. And then thr...
Millions of Customer Records Leaked in Experian ID Theft Case
An ongoing investigative report has revealed that a man posing as a private investigator may have compromised millions of Americans’ personal and financial records from 2007 to 2013. The news is the latest fallout from last year’s discovery that Experian, one of the “big three” national credit...
Syrian Electronic Army Hack Results in Compromise of Domain Data For NY Times, Twitter
The Syrian Electronic Army, a group known for attacking high-profile media sites in the last year or so, has in the last few hours compromised the domain information for a large number of sites, including the New York Times home page and some of Twitter’s domains. Security researchers say that th...
Accused UGA Hacker committed suicide
A former University of Georgia UGA student under investigation for allegedly hacking into the school’s computerized personnel records system committed suicide last month. Stell attended classes at UGA between 2005 and 2007. The Data breach was carried out around two months back near 15th October...
FBI Warns Top Firms Of Anonymous Protest Hacks on May 25
The FBI Cyber Division has sent a warning to some of the world’s top corporations about a coordinated campaign of denial of service attacks and hacking, scheduled for Friday, May 25. Apple Computer, McDonald’s, ExxonMobil, Hewlett-Packard, Bank of China and Walmart are among the firms singled out...
GeoClassifieds Lite 2.0.x - Multiple Cross-Site Scripting / SQL Injections
source: https://www.securityfocus.com/bid/49475/info GeoClassifieds Lite is prone to multiple SQL-injection and cross-site scripting vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data...
Unisys/DHS Hack
A congressional investigation was launched after hackers compromised a number of Homeland Security computers and transferred sensitive data to several Chinese language Web sites. The investigation deemed that Unisys, a government contractor that had been hired to secure the department’s systems,...