Flaws allows malicious users to modify content Enterprise network security specialists report that the popular instant messaging app WhatsApp has been affected by multiple security vulnerabilities that could allow malicious users to intercept and modify the content of messages sent in both private and group chats. Discovered by Israeli enterprise network security experts, the vulnerabilities take advantage of a […]
The OpenEMR system is used around the world Enterprise network security specialists from the International Institute of Cyber Security stated that health records of nearly 100 million patients worldwide were threatened by security problems with a popular system of patient administration. Almost 30 vulnerabilities were found in the OpenEMR system, by a group of specialists […]
The company has launched patches for two serious bugs that affect over 160 models of multifunctional printers A few days after publishing their vulnerability bounty program that offers up to $10K USD for enterprise network security investigators to find bugs in their printers, HP has released two firmware patches for two severe bugs present in many models. Enterprise network […]
In a new study made by cybersecurity firm Rapid 7, it was revealed that their company’s penetration testers had successfully exploited at least one software vulnerability to 84% of all the companies that was included in the study. The test was done from early September 2017 through mid-June 2018 and involved a total number 268 […]
Newly discovered malware campaign distributing powerful FELIXROOT Backdoor using Microsoft Office Vulnerabilities to compromise the victim’s windows computers. FELIXROOT backdoor campaign initially discovered in September 2017 that distributed via malicious Ukrainian bank documents with macro that download the backdoor from C&C server. Currently attackers distributing weaponized lure documents that contains exploits for Microsoft office vulnerabilities CVE-2017-0199 and CVE-2017-11882 […]
The Apache Software Foundation (ASF) has released security updates to address multiple vulnerabilities on its Apache Tomcat application server, one of which allows a remote attacker to receive confidential information. Apache Tomcat is an open source web server and a servlet system that uses several Java EE specifications, such as Java Servlet, JavaServer pages, expression language, […]
Cybersecurity researchers have detected a couple of vulnerabilities in an IoT vacuum cleaner lineup that could let hackers spy on the victims, perform video surveillance, and even steal their sensitive personal data—all without ever turning it on. Leonid Krolle and Georgy Zaytsev, two researchers at Positive Technologies, have uncovered the vulnerabilities in the Dongguan Diqee […]
GandCrab ransomware, which has created a hullabaloo in the cybersecurity industry by constantly evolving, has yet again caused a commotion. The latest version of the ransomware attacks system using SMB exploit spreader via compromised websites. The ransomware is adding new features every day to target different countries. The attackers behind the ransomware are scanning the […]
PowerShell script to quickly find missing Microsoft patches for native privilege escalation vulnerabilities. Currently looks for: MS10-Zero15 : User Mode to Ring (KiTrap0D) MS10-092 : Task Scheduler MS13-053 : NTUserMessageCall Win32ok Kernel Pool Overflow MS13-081 : TrackPopupMenuEx Win32ok NULL Page MS14-058 : TrackPopupMenu Win32ok Null Pointer Dereference MS15-051 : ClientCopyImage Win32ok MS15-078 : Font Driver […]
Siemens warns of the presence of six vulnerabilities in some of its SICLOCK central clocks, which synchronize the time in industrial environments, as reported by specialists in pentest from the International Institute of Cyber Security. “In case of failure or loss of reception from the primary time source, the central clock of the plant ensures […]
A survey was conducted by Outpost24 to identify the managing of cyber-security exposure. This survey was conducted at Infosecurity and around 250 plus IT professionals were present for the event. The study found that UK organization is proactive when it comes to security compared to their US counterparts. Most of the organizations in the UK run security […]
So what is this Lynis tool all about? Lynis is a security tool used for auditing Unix based systems it’s main aims are to achieve automated security auditing, compliance testing for standards such as ISO27001, PCI-DSS and HIPAA. It also offers vulnerability detection for areas of the system that could be vulnerable to issues such […]
A group of pentest researchers has demonstrated ability to passively identify session details and perform hijacking, allowing phishing attacks. According to the International Institute of Cyber Security, researchers have found vulnerabilities in LTE standards, which leave users vulnerable to possible attacks, such as determining user identities, determining which websites accessed a particular user and modify DNS traffic, […]
Cisco, a company dedicated to manufacturing telecommunications devices, launched patches for 34 failures in its software, including solutions for five critical vulnerabilities of arbitrary code execution in its operating system. Reports from information security specialists argue that critical flaws were rated with 9.8 out of 10 on the CVSS scale. Four of these vulnerabilities affect Cisco’s […]
Cisco released patches for 34 vulnerabilities affecting multiple products that include 5 critical vulnerabilities, 20 High severity vulnerabilities and 9 medium level vulnerabilities. Critical Vulnerabilities Cisco patched 5 critical Vulnerabilities in FXOS and NX-OS Software that allows attackers to execute a remote arbitrary code that causing a buffer overflow, denial of service (DoS), to read […]
An information security expert explains that, Archery is an open source vulnerability management and evaluation tool that helps developers and evaluators perform scans and manage vulnerabilities. Archery uses open source tools to perform a complete scan of the web application and the network. In the same way, this tool performs the dynamic authenticated scanning of the web […]
Multiple Vulnerabilities found in IBM QRadar chained together allows a remote attacker to bypass authentication and to execute arbitrary commands with root privileges. The IBM QRadar is an enterprise security information and event management (SIEM) product that collects the logs from log data from Operating system, Vulnerabilities, user activities, behaviors and networking devices. It can […]
After an investigation, security professionals have found a backdoor account in the firmware of the D-Link DIR-620 routers; this allows malicious actors to take over any device accessible through the Internet. This backdoor, was found by Kaspersky Lab’s information security experts, the backdoor grants access to the device’s web panel, and there is no way that device […]
A research team from the Tencent firm discovered several security vulnerabilities in BMW models. Tencent Keen Security Lab’s information security experts found 14 vulnerabilities that affect several BMW models, including models; BMW i, BMW X, BMW 3 Series, BMW 5 Series and BMW 7 Series. The investigation was conducted for one year between January 2017 and February […]
A recent investigation revealed six vulnerabilities in Dell EMC RecoverPoint devices. One of the flaws found allows attackers to execute remote unauthenticated code with administrator privileges. A team of information security experts explain in one publication that if an attacker without knowledge of any credentials has RecoverPoint visibility on the network or local access to it, he […]
In an unusual case someone managed to develop a malware attack that, with one click, exploits separate zero-day vulnerabilities in two different pieces of software. Even more exceptional is that an error burns a unicorn before it can be used. According to information security experts, this is precisely what happened with a malicious PDF document designed to […]