Ransomware Attack Takes Down Bristol Airport’s Flight Display Screens
Bristol Airport has blamed a ransomware attack for causing a blackout of flight information screens for two days over the weekend. The airport said that the attack started Friday morning, taking out several computers over the airport network, including its in-house display screens which provide…
Flaw in update process for BMCs in Supermicro servers allows to deliver persistent malware or brick the server
A team of security researchers discovered a vulnerability in the baseboard management controller (BMC) hardware used by Supermicro servers. Researchers from security firm Eclypsium have discovered a vulnerability in the firmware update mechanism that could be exploited by hackers to deliver persistent malware, completely wipe and reinstall…
BusyGasper spyware remained undetected for two years while spying Russians
Security experts from Kaspersky Lab have uncovered a new strain of Android malware dubbed BusyGasper that remained hidden for two years. The BusyGasper Android spyware has been active since May 2016, it implements unusual features for this type of malware. Experts explained it is a unique…
Philips e-Alert Unit
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/exploitable from within the same local subnet Vendor: Philips Equipment: Philips e-Alert Unit (non-medical device) Vulnerabilities: Improper Input Validation, Cross-site Scripting, Information Exposure, Incorrect Default Permissions, Cleartext Transmission of Sensitive Information, Cross-site Request Forgery, Session Fixation, Resource…
Martem TELEM-GW6/GWM (Update B)
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Martem Equipment: TELEM-GW6/GWM ——— Begin Update B Part 1 of 5 ——– Vulnerabilities: Missing Authentication for Critical Function, Incorrect Default Permissions, Resource Exhaustion, Cross-Site Scripting ——— End Update B Part 1…
CVE-2018-15919 username enumeration flaw affects OpenSSH Versions Since 2011
Qualys experts discovered that OpenSSH is still vulnerable to Oracle attack, it is affected by the CVE-2018-15919 flaw at least since September 2011. Security experts from Qualys discovered that OpenSSH is still vulnerable to Oracle attack, it is affected by the CVE-2018-15919 flaw at least since…
ABB eSOMS
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ABB Equipment: eSOMS Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability requires an attacker to discover a valid user account, which could be used to gain access to the application without authentication….
Schneider Electric PowerLogic PM5560
1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: PowerLogic PM5560 Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow user input to be manipulated, allowing for remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The…
Schneider Electric Modicon M221
. EXECUTIVE SUMMARY CVSS v3 4.8 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: Modicon M221 Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized user to remotely reboot the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following…
Qualcomm Life Capsule
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Qualcomm Life Equipment: Capsule Datacaptor Terminal Server (DTS) Vulnerability: Code Weakness 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute unauthorized code to obtain administrator-level privileges on the…
Stay connected