Siemens has patched a serious remotely exploitable vulnerability in its SINAMICS S/G ICS software that could enable an attacker to take arbitrary actions on a vulnerable installation without having to authenticate. The vulnerability affects all versions of the Siemens SINAMICS S/G products with firmware versions earlier than 4.6.11. ICS-CERT, a part of the Department of Homeland Security,[...]
Browsing Category: Vulnerabilities
Attackers are able to bypass the reflective cross-site scripting filter in Internet Explorer; the weakness is accepted by Microsoft as part of its design philosophy for the filter and will not be fixed.
VMware released patches yesterday to fix a vulnerability that could have led to a privilege escalation in older Windows systems running in virtual environments.
Although there are still a number of issues that need to be addressed with the Department of Homeland Security’s information security efforts, the department is improving in many areas and making strong progress toward implementing better security controls, a new report from the Inspector General found. DHS, which is responsible for a large portion of[...]
The researchers who discovered a serious vulnerability in Android 4.3 Jelly Bean that enables a malicious app to disable the security locks on a vulnerable device have published a proof-of-concept app that exploits the bug, as well as source code for the app.
D-Link has patched a backdoor vulnerability in a number of different versions of its routers that could allow an attacker using a particular string to access the router’s admin panel and make any changes.
There is a vulnerability in Android 4.3 Jelly Bean that enables a malicious app to disable all of the security locks on a given device, leaving it open to further attacks.
A researcher in Israel disclosed details on a Google account recovery vulnerability that was recently patched by the company.
Debian has released patches for a pair of security vulnerabilities in the free operating system, including a security bypass flaw in the Nginx Web server. The other vulnerability lies in a Perl module used in the OS.
The term “best practices” is high on the list of overused and nearly meaningless phrases that get thrown around in the security field. It forms the basis for regulations such as HIPAA and PCI DSS and yet if you asked a random sample of 10 security people what the phrase meant, you’d likely get 10 different answers. But what if there aren’t actually any best practices?