Data of 130 Million Chinese Hotel Chain Guests Sold on Dark Web Forum
A hacker is selling the personal details of over 130 million hotel guests for 8 Bitcoin ($56,000) on a Chinese Dark Web forum. The breach was reported today by Chinese media after several cyber-security firms spotted the forum ad [1, 2, 3, 4]. The seller said he obtained…
Philips cardiovascular software found to contain privilege escalation, code execution bugs
Multiple versions of cardiovascular imaging and information management software from Philips have been found to contain vulnerabilities that could lead to escalated privileges and arbitrary code execution. The first vulnerability, CVE-2018-14787, is a high-severity flaw (CVSS score of 7.3) found in versions 2.x or prior of Philips’ IntelliSpace…
Hacker Discloses Unpatched Windows Zero-Day Vulnerability (With PoC)
A security researcher has publicly disclosed the details of a previously unknown zero-day vulnerability in the Microsoft’s Windows operating system that could help a local user or malicious program obtain system privileges on the targeted machine. And guess what? The zero-day flaw has been confirmed…
Microsoft Flaw Allows Full Multi-Factor Authentication Bypass
This is similar to taking a room key for a building and turning it into a skeleton key that works on every door in the building. A vulnerability in Microsoft’s Active Directory Federation Services (ADFS) has been uncovered that would allow malicious actors to bypass…
Expert discovered a Critical Remote Code Execution flaw in Apache Struts (CVE-2018-11776)
Maintainers of the Apache Struts 2 open source development framework has released security updates to address a critical remote code execution vulnerability. Security updates released this week for the Apache Struts 2 open source development framework addressed a critical RCE tracked as CVE-2018-11776. The vulnerability affects Struts…
BD Alaris Plus
1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Becton, Dickinson and Company (BD) Equipment: Alaris GS, Alaris GH, Alaris CC, Alaris TIVA Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability may allow a remote attacker to gain unauthorized access to…
Microsoft Rolls Out New Intel Microcode for Windows 10, Server 2016
Microsoft has released multiple microcode updates that mitigate additional variants of the speculative code execution vulnerabilities affecting Intel processors. The patches cover the recently disclosed CPU flaws generically referred to as Foreshadow or L1 Terminal Fault. All security gaps covered by these patches are varieties of…
Philips IntelliVue Information Center iX
1. EXECUTIVE SUMMARY CVSS v3 5.7 ATTENTION: Low skill level to exploit Vendor: Philips Equipment: Philips IntelliVue Information Center iX Vulnerability: Resource Exhaustion 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSMA-18-233-01 Philips IntelliVue Information Center iX (Update A) that was published August…
Yokogawa iDefine, STARDOM, ASTPLANNER, and TriFellows
Legal Notice All information products included in http://ics-cert.us-cert.gov are provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product…
GE Intelligent Platforms Proficy HTML Help Vulnerabilities (Update A)
Legal Notice All information products included in http://ics-cert.us-cert.gov are provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product…
Stay connected