Yokogawa iDefine, STARDOM, ASTPLANNER, and TriFellows
Legal Notice All information products included in http://ics-cert.us-cert.gov are provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product…
GE Intelligent Platforms Proficy HTML Help Vulnerabilities (Update A)
Legal Notice All information products included in http://ics-cert.us-cert.gov are provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product…
No Patch Available Yet for New Major Vulnerability in Ghostscript Interpreter
Tavis Ormandy, a Google Project Zero security researcher, has revealed details about a new major vulnerability discovered in Ghostscript, an interpreter for Adobe’s PostScript and PDF page description languages. Ghostscript is by far the most widely used solution of its kind. The Ghostscript interpreter is…
Dark Tequila Banking Malware Uncovered After 5 Years of Activity
Security researchers at Kaspersky Labs have uncovered a new, complex malware campaign that has been targeting customers of several Mexican banking institutions since at least 2013. Dubbed Dark Tequila, the campaign delivers an advanced keylogger malware that managed to stay under the radar for five years…
Zero-Day In Microsoft’s VBScript Engine Used By Darkhotel APT
A vulnerability in the VBScript engine has been used by hackers working for North Korea to compromise systems targeted by the Darkhotel operation. VBScript is available in the latest versions of Windows and in Internet Explorer 11. In recent versions of Windows, though, Microsoft disabled execution…
JavaScript Web Apps and Servers Vulnerable to ReDoS Attacks
JavaScript web apps and web servers are susceptible to a specific type of vulnerabilities/attacks known as regular expression (regex) denial of service (ReDoS). These vulnerabilities take place when an attacker sends large and complex pieces of text to the open input of a JavaScript-based web…
16-Year-Old Teen Hacked Apple Servers, Stole 90GB of Secure Files
Well, there’s something quite embarrassing for Apple fans. Though Apple servers are widely believed to be unhackable, a 16-year-old high school student proved that nothing is impossible. The teenager from Melbourne, Australia, managed to break into Apple servers and downloaded some 90GB of secure files,…
New PHP Code Execution Attack Puts WordPress Sites at Risk
Sam Thomas, a security researcher from Secarma, has discovered a new exploitation technique that could make it easier for hackers to trigger critical deserialization vulnerabilities in PHP programming language using previously low-risk considered functions. The new technique leaves hundreds of thousands of web applications open to remote…
Necurs Botnet Pushing New Marap Malware
Security researchers from Proofpoint have discovered a new malware strain that they named Marap and which is currently distributed via massive waves of spam emails carrying malicious attachments (malspam). The malware is neither a banking trojan, a remote access trojan (RAT), or ransomware, but a…
Foreshadow Attacks — 3 New Intel CPU Side-Channel Flaws Discovered
2018 has been quite a tough year for Intel. While the chip-maker giant is still dealing with Meltdown and Spectre processor vulnerabilities, yet another major speculative execution flaw has been revealed in Intel’s Core and Xeon lines of processors that may leave users vulnerable to cyber-attacks. Dubbed Foreshadow, alternatively called…
Stay connected