CVE-2018-4251 – Apple did not disable Intel Manufacturing Mode in its laptops
Positive Technologies while analyzing Intel Management Engine (ME) discovered that Apple did not disable Intel Manufacturing Mode in its laptops Experts from security firm Positive Technologies while analyzing Intel Management Engine (ME) discovered that Apple forgot did not lock it in laptops. The Intel Management Engine consists of a…
Chinese Spying Chips Found Hidden On Servers Used By US Companies
A media report today revealed details of a significant supply chain attack which appears to be one of the largest corporate espionage and hardware hacking programs from a nation-state. According to a lengthy report published today by Bloomberg, a tiny surveillance chip, not much bigger than a…
WECON PI Studio
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: WECON Technology Co., Ltd. (WECON) Equipment: PI Studio Vulnerabilities: Stack-based Buffer Overflow, Out-of-Bounds Write, Information Exposure Through XML External Entity Reference, Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow remote code…
Delta Electronics ISPSoft
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/Low skill level to exploit Vendor: Delta Electronics Equipment: ISPSoft Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code under the context of the application. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS…
GE Communicator
1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: Communicator Vulnerability: Heap-based Buffer Overflow 2. RISK EVALUATION Exploitation could allow attackers to execute arbitrary code or create a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Communicator, an…
Entes EMG 12
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Entes Equipment: EMG 12 Vulnerabilities: Improper Authentication, Information Exposure Through Query Strings in GET Request 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow attackers to gain unauthorized access and could allow the ability…
WECON LeviStudioU
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: WECON Technology Co., Ltd Equipment: LeviStudioU ——— Begin Update A Part 1 of 3 ——— Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Out-of-Bounds Write, Improper Restriction of XML External Entity Reference ——— End Update A…
Philips iSite/IntelliSpace PACS Vulnerabilities
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Philips Equipment: iSite and IntelliSpace PACS Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Code/Source Code Vulnerabilities, Information Exposure, Code Injection, Weaknesses in OWASP Top Ten, and Improper…
Bank Servers Hacked to Trick ATMs into Spitting Out Millions in Cash
The US-CERT has released a joint technical alert from the DHS, the FBI, and Treasury warning about a new ATM scheme being used by the prolific North Korean APT hacking group known as Hidden Cobra. Hidden Cobra, also known as Lazarus Group and Guardians of Peace,…
First UEFI malware discovered in wild is laptop security software hijacked by Russians
ESET Research has published a paper detailing the discovery of a malware campaign that used repurposed commercial software to create a backdoor in computers’ firmware—a “rootkit,” active since at least early 2017 and capable of surviving the re-installation of the Windows operating system or even hard drive…
Stay connected