Remote Attack

Backdoor In Equipment Used For Traffic Control, Railways Called “Huge Risk”

UPDATE: Security researchers are warning about the risk posed by an embarrassing security hole in industrial control software by the firm RuggedCom. A hidden administrative account could give remote attackers easy access to critical equipment that is used to manage a wide range of critical infrastructure, including rail lines, traffic control systems and electrical substations.

A researcher has discovered a flaw residing in the Windows Help and Support Center, a feature that
provides users with online technical support. Malicious hackers can
exploit the weakness of Windows by embedding commands in web addresses
that activate the feature’s remote assistance tool, which allows
administrators to execute commands over the internet. Read the full article. [The Register] Read the advisory. []

Cisco has discovered a buffer overflow in version 2.6 of CiscoWorks Internetwork Performance Monitor (IPM) and previous versions for Windows; the flaw allows attackers to compromise vulnerable systems remotely, as well as a DDos flaw in Cisco IOS XR. Read the full article. [The H Security]

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.