CVE-2018-15961: Adobe ColdFusion Flaw exploited in attacks in the wild
Experts at Volexity discovered that a recently patched remote code execution flaw (CVE-2018-15961) affecting the Adobe ColdFusion has been exploited in the wild. Security experts from Volexity reported that attackers in the wild are exploiting a recently patched remote code execution vulnerability affecting the Adobe ColdFusion. The flaw, tracked as CVE-2018-15961,…
Philips iSite and IntelliSpace PACS
1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Low skill level to exploit Vendor: Philips Equipment: iSite and IntelliSpace PACS Vulnerability: Weak Password Requirements 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker with local network access to impact confidentiality, integrity, and availability of a component of…
JexBoss – JBoss Verify and EXploitation Tool
Summary JBoss Verify and EXploitation tool (JexBoss) is an open-source tool used by cybersecurity hunt teams (sometimes referred to as “red teams”) and auditors to conduct authorized security assessments. Threat actors use this tool maliciously to test and exploit vulnerabilities in JBoss Application Server (JBoss…
HSBC Bank USA notified customers of a security breach
HSBC Bank USA notified customers of a data breach that has happened between Oct 4 and Oct 14, unknown attackers were able to access their online accounts. HSBC Bank USA notified customers of a data breach that has happened between October 4 and October 14, unknown attackers were able…
Popular WooCommerce WordPress Plugin Patches Critical Vulnerability
If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new vulnerability that could compromise your online store. Simon Scannell, a researcher at RIPS Technologies GmbH, discovered an arbitrary file deletion vulnerability in the popular WooCommerce plugin that could allow a malicious or…
Roche Point of Care Handheld Medical Devices
1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable with adjacent access/low skill level to exploit Vendor: Roche Equipment: Point of Care handheld medical devices Vulnerabilities: Improper Authentication, OS Command Injection, Unrestricted Upload of File with Dangerous Type, Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities could…
High severity XML external entity flaw affects Sauter building automation product
A security researcher has found a serious vulnerability in a building automation product from Sauter AG that could be exploited to steal files from an affected system. Sauter AG CASE Suit is a building automation product used worldwide that is affected by a high severity XML external entity (XXE)…
New attack by Anonymous Italy: personal data from ministries and police have been released online
New attack by Anonymous Italy: personal data from ministries and police have been released online. The site of Fratelli d’Italia, a post-fascist party, has been defaced The iconoclastic fury of Italian Anonymous does not stop. As announced, the three groups that coordinate the operation “Black Week”…
Flaws in Popular Self-Encrypting SSDs Let Attackers Decrypt Data
We all have something to hide, something to protect. But if you are also relying on self-encrypting drives for that, then you should read this news carefully. Security researchers have discovered multiple critical vulnerabilities in some of the popular self-encrypting solid state drives (SSD) that…
Two New Bluetooth Chip Flaws Expose Millions of Devices to Remote Attacks
Security researchers have unveiled details of two critical vulnerabilities in Bluetooth Low Energy (BLE) chips embedded in millions of access points and networking devices used by enterprises around the world. Dubbed BleedingBit, the set of two vulnerabilities could allow remote attackers to execute arbitrary code and…
Stay connected