Lucene search

2396 matches found

Imperva Blog
added 2019/09/18 12:22 p.m., 36 views

E-commerce: Bad bots are ready for the holidays. Are you?

The busiest time for online retailers is almost upon us—the holiday season. Each business is looking at ways to take advantage of cyber week when a significant portion of annual sales are made. At this time, preparation is well underway for Black Friday and Cyber Monday promotions. But another...

0.2 AI score
Exploits: 0

CNVD
added 2019/09/16 12:00 a.m., 1 view

Siemens SIMATIC WinCC PdlComponents.dll control has an arbitrary file write vulnerability

Siemens SIMATIC is an automation software with a single engineering environment. WinCC supports the discovery and configuration of LAN device information with the PN-DCP protocol at the Ethernet layer. An arbitrary file write vulnerability exists in the Siemens SIMATIC WinCC PdlComponents.dll...

6.9 AI score
Exploits: 0

ThreatPost
added 2019/09/11 8:48 p.m., 81 views

ThreatList: Apple Adware, Phishing, APT Attacks Threaten macOS Users

While macOS is often touted as “safer” on the cybersecurity front compared to Windows-based systems, cybercriminals are in fact increasingly targeting Apple’s ecosystem. The number of attacks on macOS users through malicious and potentially unwanted programs has been increasing annually since 201...

0.7 AI score
Exploits: 0, References: 6

Tenable Nessus
added 2019/09/11 12:00 a.m., 36 views

NewStart CGSL MAIN 4.06 : libvirt Vulnerability (NS-SA-2019-0173)

The remote NewStart CGSL host, running version MAIN 4.06, has libvirt packages installed that are affected by a vulnerability: - It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary pat...

8.8 CVSS, 8.1 AI score, 0.00259 EPSS
Exploits: 0, References: 2

Microsoft CVE
added 2019/09/10 7:00 a.m., 49 views

Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An...

7.8 CVSS, 3.4 AI score, 0.00469 EPSS
Exploits: 0

Openbugbounty
added 2019/09/07 3:55 p.m., 10 views

financialeducationprograms.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-958206 Security Researcher Gh05tPT Helped patch 6901 vulnerabilities Received 10 Coordinated Disclosure badges Received 48 recommendations, a holder of 10 badges for responsible and coordinated disclosure, found a security vulnerability affecting...

Exploits: 0

OpenVAS
added 2019/09/05 12:00 a.m., 25 views

Fedora Update for python-mitogen FEDORA-2019-b25dd670a4

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8 CVSS, 9.6 AI score, 0.00433 EPSS
Exploits: 0, References: 2

Fedora
added 2019/09/04 3:13 a.m., 20 views

[SECURITY] Fedora 30 Update: python-mitogen-0.2.8-1.fc30

Mitogen is a Python library for writing distributed self-replicating programs. There is no requirement for installing packages, copying files around, writing shell snippets, upfront configuration, or providing any secondary link to a remote machine aside from an SSH connection. Due to its origi...

9.8 CVSS, 1.2 AI score, 0.00433 EPSS
Exploits: 0

ThreatPost
added 2019/08/30 3:47 p.m., 50 views

Six Hackers Have Now Pocketed $1M From Bug Bounty Programs

Six hackers in total have each now pocketed more than $1 million from finding vulnerabilities in bug-bounty programs – including one from the U.S. That figure comes as more bug-bounty programs bump up their rewards due to participants finding more high-severity vulnerabilities in their platforms,...

7.3 AI score
Exploits: 0, References: 10

OSV
added 2019/08/30 3:15 p.m., 4 views

CVE-2019-2390

An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker defined code as the user running the utility. This issue affects MongoDB Server v4.0 versions prior to 4.0.11; Mongo...

7.8 CVSS, 7.5 AI score
Exploits: 0, References: 1

Tenable Nessus
added 2019/08/27 12:00 a.m., 45 views

Scientific Linux Security Update : mariadb on SL7.x x86_64 (20190806)

Security Fixes : - mysql: MyISAM unspecified vulnerability CPU Jul 2018 CVE-2018-3058 - mysql: Server: Security: Privileges unspecified vulnerability CPU Jul 2018 CVE-2018-3063 - mysql: Client programs unspecified vulnerability CPU Jul 2018 CVE-2018-3081 - mysql: Server: Storage Engines unspecifi...

6.5 CVSS, 6.4 AI score, 0.00282 EPSS
Exploits: 0, References: 10

RedhatCVE
added 2019/08/26 2:59 p.m., 38 views

CVE-2019-1552

OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. For OpenSSL versio...

3.6 CVSS, 2.7 AI score, 0.00072 EPSS
Exploits: 0, References: 4

Vulnrichment
added 2019/08/23 8:07 p.m., 11 views

CVE-2019-6695

Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods...

7.2 AI score, 0.00259 EPSS
Exploits: 0, References: 1

Fedora
added 2019/08/19 1:02 a.m., 41 views

[SECURITY] Fedora 30 Update: postgresql-11.5-1.fc30

PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine ...

9.8 CVSS, 0.8 AI score, 0.01186 EPSS
Exploits: 0

Kitploit
added 2019/08/18 1:06 p.m., 1784 views

"Can I Take Over XYZ?" - A List Of Services And How To Claim (Sub)Domains With Dangling DNS Records

What is a subdomain takeover? Subdomain takeover vulnerabilities occur when a subdomain subdomain.example.com is pointing to a service e.g. GitHub pages, Heroku, etc. that has been removed or deleted. This allows an attacker to set up a page on the service that was being used and point their page ...

6.8 AI score
Exploits: 0, References: 30

Debian CVE
added 2019/08/16 3:00 a.m., 18 views

CVE-2016-10894

xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to and thus control various programs such as Chromium via events such as pan scrolling, "pinch and zoom" gestures, or even regular mouse clicks by depressing the touchpad once and th...

4.6 CVSS, 2.6 AI score, 0.00044 EPSS
Exploits: 0

Packet Storm
added 2019/08/16 12:00 a.m., 268 views

Open-Xchange OX Guard Cross Site Scripting / Signature Validation

Dear subscribers, we're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs appsuite, dovecot, powerdns at HackerOne. Yours sincerely, Martin Heiland, Open-Xchange GmbH Product: OX...

4.3 CVSS, 6.7 AI score, 0.00278 EPSS
Exploits: 4

Packet Storm
added 2019/08/16 12:00 a.m., 347 views

Open-Xchange OX App Suite Content Spoofing / Cross Site Scripting

Dear subscribers, we're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs appsuite, dovecot, powerdns at HackerOne. Yours sincerely, Martin Heiland, Open-Xchange GmbH Product: OX...

5.2 AI score, 0.00258 EPSS
Exploits: 4

RedHat Linux
added 2019/08/15 5:47 p.m., 3 views

mysql: Client programs unspecified vulnerability (CPU Jul 2019)

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client programs. Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached ...

4.2 CVSS, 7.1 AI score, 0.00138 EPSS
Exploits: 0, References: 5

RedHat Linux
added 2019/08/14 7:00 a.m., 1 view

mysql: Client programs unspecified vulnerability (CPU Jul 2019)

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client programs. Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached ...

4.2 CVSS, 7.1 AI score, 0.00138 EPSS
Exploits: 0, References: 5