Summary The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) are issuing this activity alert to inform computer network defenders about SamSam ransomware, also known as MSIL/Samas.A. Specifically, this product shares analysis of vulnerabilities…

. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: SpiderControl Equipment: SCADA WebServer Vulnerability: Reflected Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute JavaScript on the victim’s browser. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following…

. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Low skill level to exploit Vendor: Omron Equipment: CX-One Vulnerabilities: Stack-based Buffer Overflow, Use After Free 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code under the privileges of the application. 3. TECHNICAL DETAILS 3.1 AFFECTED…

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: INVT Electric Equipment: VT-Designer Vulnerabilities: Deserialization of Untrusted Data, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause the program to crash and may allow remote code execution. 3. TECHNICAL DETAILS…

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: AVEVA Software, LLC (AVEVA) Equipment: Vijeo Citect, Citect SCADA Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system. 3. TECHNICAL…

Systems Affected Microsoft Windows Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). DHS and FBI are releasing this TA to provide information about a major online ad fraud operation—referred…

1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Modicon M221 Vulnerability: Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a change of IPv4 configuration (IP address, mask, and gateway) when remotely connected to…

1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low skill level to exploit Vendor: Teledyne DALSA Equipment: Sherlock Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the device being accessed; a buffer overflow condition may allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED…

A glitch in Gmail could be exploited by hackers to carry out phishing attacks, the issue is related the way Gmail automatically files messages into Sent folder A bug in Gmail could be exploited by attackers to carry out phishing attacks, the flaw ties the…