Hacker Discloses Unpatched Windows Zero-Day Vulnerability (With PoC)
A security researcher has publicly disclosed the details of a previously unknown zero-day vulnerability in the Microsoft’s Windows operating system that could help a local user or malicious program obtain system privileges on the targeted machine. And guess what? The zero-day flaw has been confirmed…
Microsoft Flaw Allows Full Multi-Factor Authentication Bypass
This is similar to taking a room key for a building and turning it into a skeleton key that works on every door in the building. A vulnerability in Microsoft’s Active Directory Federation Services (ADFS) has been uncovered that would allow malicious actors to bypass…
Expert discovered a Critical Remote Code Execution flaw in Apache Struts (CVE-2018-11776)
Maintainers of the Apache Struts 2 open source development framework has released security updates to address a critical remote code execution vulnerability. Security updates released this week for the Apache Struts 2 open source development framework addressed a critical RCE tracked as CVE-2018-11776. The vulnerability affects Struts…
BD Alaris Plus
1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Becton, Dickinson and Company (BD) Equipment: Alaris GS, Alaris GH, Alaris CC, Alaris TIVA Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability may allow a remote attacker to gain unauthorized access to…
Microsoft Rolls Out New Intel Microcode for Windows 10, Server 2016
Microsoft has released multiple microcode updates that mitigate additional variants of the speculative code execution vulnerabilities affecting Intel processors. The patches cover the recently disclosed CPU flaws generically referred to as Foreshadow or L1 Terminal Fault. All security gaps covered by these patches are varieties of…
Philips IntelliVue Information Center iX
1. EXECUTIVE SUMMARY CVSS v3 5.7 ATTENTION: Low skill level to exploit Vendor: Philips Equipment: Philips IntelliVue Information Center iX Vulnerability: Resource Exhaustion 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSMA-18-233-01 Philips IntelliVue Information Center iX (Update A) that was published August…
Yokogawa iDefine, STARDOM, ASTPLANNER, and TriFellows
Legal Notice All information products included in http://ics-cert.us-cert.gov are provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product…
GE Intelligent Platforms Proficy HTML Help Vulnerabilities (Update A)
Legal Notice All information products included in http://ics-cert.us-cert.gov are provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product…
No Patch Available Yet for New Major Vulnerability in Ghostscript Interpreter
Tavis Ormandy, a Google Project Zero security researcher, has revealed details about a new major vulnerability discovered in Ghostscript, an interpreter for Adobe’s PostScript and PDF page description languages. Ghostscript is by far the most widely used solution of its kind. The Ghostscript interpreter is…
Dark Tequila Banking Malware Uncovered After 5 Years of Activity
Security researchers at Kaspersky Labs have uncovered a new, complex malware campaign that has been targeting customers of several Mexican banking institutions since at least 2013. Dubbed Dark Tequila, the campaign delivers an advanced keylogger malware that managed to stay under the radar for five years…
Stay connected