A long list of industrial-control modules manufactured by Schneider Electric and used to control operations at various industrial facilities contain multiple weaknesses and vulnerabilities that could allow an attacker to modify the firmware, log in remotely and run arbitrary code on the vulnerable components. Security researcher Ruben Santamarta discovered and disclosed the problems, and ICS-CERT is warning users about the issue as well.
Microsoft on Tuesday released 13 security bulletins, including three for critical flaws in Windows Media and in the Windows kernel-mode drivers. The company had planned on releasing 14 bulletins in December’s Patch Tuesday shipment, but officials said that one of the planned fixes was causing a compatibility problem with a third-party vendor’s products and is being held until that issue is remedied.
Google has fixed 15 security vulnerabilities in its Chrome browser, including six high-risk bugs. As part of its reward program, Google paid out $6,000 in rewards to researchers who reported flaws.
There are multiple reports emerging of two new vulnerabilities in Adobe Flash that could lead to remote code execution. There’s little information about the exact nature of the bugs available right now, and Adobe has not released any advisories or information about them either.
The newly discovered vulnerability in Adobe Reader and Acrobat that the company is planning to patch next week is being used to install a known Trojan that has been used in attacks against other Adobe vulnerabilities in the past.
You only have to glance at the headlines to know that the state of computer application security is bad. But a new report from Veracode makes clear how bad: just 16 percent of almost 10,000 applications tested in the last six months received a passing security grade on their first attempt.
Adobe is warning users about a critical vulnerability in its Reader and Acrobat applications that could lead to remote code execution. There are reports that attackers already are using the Reader bug in targeted attacks, and Adobe said it plans to have a patch ready by next week.
Adobe has patched a security flaw in its Flex SDK product that could lead to cross-site scripting attacks against some applications that were built using the SDK. The vulnerability affects versions 3.6 and below and 4.5.1 and below.
Java has become virtually unavoidable in the last few years, and it’s installed on hundreds of millions of PCs around the world. A huge number of those installations are vulnerable versions of Java, and this fact has not escaped the attention of attackers, who have made the technology one of their favored targets. In fact, new data from Microsoft shows that Java exploits were the most prevalent in the first six months of 2011, and that attackers often use exploits for bugs that are several months or years old.
Researchers have known for years that virus writers and attackers pay close attention to the analyses researchers do of their work, and it appears that the Duqu authors are no exception. Shortly after the first public reports about Duqu emerged in early autumn, the crew behind Duqu wiped out all of the command-and-control servers that had been in use up to that point, including some that had been used since 2009.