Lucene search
K

14 matches found

Schneier on Security
Schneier on Security
added 2018/10/29 11:18 a.m.30 views

Security Vulnerability in Internet-Connected Construction Cranes

This seems bad: The F25 software was found to contain a capture replay vulnerability -- basically an attacker would be able to eavesdrop on radio transmissions between the crane and the controller, and then send their own spoofed commands over the air to seize control of the crane. "These devices...

7.2AI score
Exploits0
ThreatPost
ThreatPost
added 2014/06/24 11:39 a.m.12 views

Dramatic Drop in Vulnerable NTP Servers Used in DDoS Attacks

While patching of webservers vulnerable to the Heartbleed OpenSSL bug may have stalled, the same cannot be said about repairs to NTP servers that could be leveraged in devastating amplification attacks. A spate of distributed denial-of-service attacks DDoS tore through companies in January and...

Exploits0References6
ThreatPost
ThreatPost
added 2014/03/19 12:12 p.m.68 views

Exploits for Two-Year-Old PHP Security Vulnerability Found

Close to two years ago, a serious vulnerability in PHP was accidentally disclosed after it was discovered months prior during a hacking contest. A patch was released in relatively short order, and one would assume that given PHP’s prevalence as a web development framework, the fix would have been...

7.5CVSS10AI score0.99998EPSS
Exploits42References3
ThreatPost
ThreatPost
added 2014/01/14 12:45 p.m.38 views

NTP Amplification Flaw To Blame For Gaming DDoS Attacks

US-CERT has issued an advisory that warns enterprises about distributed denial of service attacks flooding networks with massive amounts of UDP traffic using publicly available network time protocol NTP servers. Known as NTP amplification attacks, hackers are exploiting something known as the...

5CVSS1.4AI score0.97549EPSS
Exploits23References3
ThreatPost
ThreatPost
added 2013/06/25 12:33 p.m.11 views

WordPress Update 3.5.2 Patches Seven Vulnerabilities

WordPress, which has been a jumping off point for a number of targeted attacks and other high-profile hacks, has been updated and the latest version includes a number of security patches. Version 3.5.2, released late last week, includes seven security fixes and some additional hardening, accordin...

7.6AI score
Exploits0References6
ThreatPost
ThreatPost
added 2012/08/30 2:3 a.m.33 views

Chorus Grows Louder to Disable Java 7 After Exploit Hits Mainstream

More security researchers are recommending users disable the current version of Java after zero-day exploits gained traction in the Web world. Patrick Runald, director of security research for Websense, told PC World today that his team had uncovered more than 100 infected domains – a figure...

10CVSS0.2AI score0.84807EPSS
Exploits19References4
ThreatPost
ThreatPost
added 2011/12/29 2:41 p.m.12 views

Attack Tool Released for WPS PIN Vulnerability

Just a day after security researcher Stefan Viehbock released details of a vulnerability in the WiFi Protected Setup WPS standard that enables attackers to recover the router PIN, a security firm has published an open-source tool capable of exploiting the vulnerability. The tool, known as Reaver,...

7.3AI score
Exploits0References3
The Hacker News
The Hacker News
added 2011/12/28 9:27 a.m.10 views

Easy Router PIN Guessing with new WiFi Setup vulnerability

Easy Router PIN Guessing with new WiFi Setup vulnerability There is a newly discovered vulnerability in the WiFi Protected Setup standard that reduces the number of attempts it would take an attacker to brute-force the PIN for a wireless router's setup process. The flaw results in too much...

7AI score
Exploits0
CISA
CISA
added 2011/11/17 12:0 a.m.26 views

Internet Systems Consortium Releases BIND-P1 Patches

The Internet Systems Consortium has released updates for BIND to address a vulnerability. This vulnerability may allow an attacker to cause a denial-of-service condition. Please refer to the Internet Systems Consortium advisory for additional information. US-CERT recommends that administrators of...

5CVSS2.1AI score0.16747EPSS
Exploits0References5
CISA
CISA
added 2011/01/28 12:0 a.m.9 views

RealNetworks, Inc. Releases Update for RealPlayer

RealNetworks, Inc. has released an update for Windows RealPlayer 14.0.1 and prior to address a vulnerability. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the RealNetworks, Inc. security advisory and appl...

7.5AI score
Exploits0References1
ThreatPost
ThreatPost
added 2010/11/19 3:40 p.m.9 views

Apple Patches Safari Browser Holes

Apple on Thursday issued updates for its Safari Web browser to fix more than two dozen vulnerabilities that left the browser open to Web-based attacks. The company released Safari versions 5.0.3 and 4.1.3 for Mac OS X and Windows XP SP2, Vista and Windows 7. The updated versions fix 27 reported...

1.1AI score
Exploits0References4
CISA
CISA
added 2010/08/31 12:0 a.m.10 views

RealNetworks Releases Update to Address Vulnerabilities in RealPlayer

RealNetworks, Inc. has released an update for RealPlayer to address multiple vulnerabilities. These vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code or obtain sensitive information. US-CERT encourages users and administrators to review the RealNetworks, Inc...

8AI score
Exploits0References1
ThreatPost
ThreatPost
added 2009/06/26 4:30 p.m.13 views

Hackers Pounce on Michael Jackson's Death

As night follows day, malicious hackers are following high-profile news around celebrity deaths to launch attacks. According to a warning from the U.S. Computer Emergency Response team, there are several spam campaigns, phishing attacks, and malicious code targeting the recent deaths of Michael...

1.9AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2007/02/23 12:0 a.m.28 views

InstallShield InstallFromTheWeb ActiveX Control Multiple Overflows

InstallFromTheWeb IFTW, a web-enabled software installation product from InstallShield, is installed on the remote host. The version of InstallFromTheWeb on the remote host includes an ActiveX control that is reportedly affected by multiple and, as yet, unspecified buffer overflow vulnerabilities...

9.3CVSS6.6AI score0.05361EPSS
Exploits0References1
Rows per page
Query Builder