NCR SelfServ ATM dispenser software contains multiple vulnerabilities

Overview NCR SelfServ automated teller machines ATMs running APTRA XFS 05.01.00 or older are vulnerable to physical attacks on the communications bus between the currency dispenser component and the host computer. Description NCR SelfServ ATMs running APTRA XFS 05.01.00 or older contain...

Intel® NUC Bios Updater Advisory

Summary: A potential security vulnerability in Intel® NUC EBU firmware update executable may allow denial of service or information disclosure. Intel is releasing firmware kit updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2018-12158 Description: Insufficient...

U.S. sanctions against Russian cybersecurity companies

I never thought that I will write here about state sanctions. Usually I try to ignore political topics. But now it's necessary. Yesterday OFAC introduced sanctions against 5 Russian companies. I would like to mention 3 of them: Digital Security - one of the leading Russian Information Security...

Cisco product experience serious vulnerability, resulting in a large number of devices is facing a remote risk of attack-vulnerability warning-the black bar safety net

! Cisco in their IOS software that patches over 30 vulnerabilities, including a serious remote code execution vulnerability, the vulnerability can be hundreds of thousands of even millions of devices exposed on the network device initiates a remote attack. A total of three vulnerabilities are rat...

Microsoft Office - OLE Remote Code Execution Exploit

Exploit for windows platform in category remote exploits Source: https://github.com/embedi/CVE-2017-11882 CVE-2017-11882: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ MITRE CVE-2017-11882: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11882 Research:...

Microsoft Patches 17-Year-Old Office Bug

Microsoft on Tuesday patched a 17-year-old remote code execution bug found in an Office executable called Microsoft Equation Editor. The vulnerability CVE-2017-11882 was patched as part of Microsoft’s November Patch Tuesday release of 53 fixes. While Microsoft rates the vulnerability only as...

Researchers Disclose Intel AMT Flaw Research

On Friday, just as Intel released additional information regarding a critical flaw found earlier this week in a subset of its business-class PCs, the researchers behind the initial vulnerability discovery, Embedi, also published their research on the flaw. Intel warned Monday of a firmware...

Explained — How Intel AMT Vulnerability Allows to Hack Computers Remotely

Earlier this week Intel announced a critical escalation of privilege bug that affects its remote management features shipping with Intel Server chipsets for past 7 years, which, if exploited, would allow a remote attacker to take control of vulnerable PCs, laptops, or servers. The vulnerability,...

Researcher: 'Baseless Assumptions' Exist About Intel AMT Vulnerability

Researchers at Embedi who found the critical Active Management Technology AMT flaw in Intel chips said in a blog published today there were “a tremendous amount of baseless assumptions” being made about the vulnerability. According Embedi CTO Dmitry Evdokimov, an information vacuum has predictabl...