An authentication bypass vulnerability in a Siemens device that’s used in energy automation systems could allow an attacker to gain control of the device. The vulnerability is in the Siemens SICAM MIC, a small telecontrol system that performs a number of functions and includes an integrated Web server and several other features. “The devices consist of[…]
Browsing Tag: vulnerabilities
Oracle has released its quarterly patch update, which includes fixes for nearly 200 vulnerabilities. The most notable bug fixed in this release is the Java zero day that’s been used in an ongoing attack campaign. The massive release from Oracle has patches for a long list of products, but the Java vulnerabilities are the heart[…]
Security researcher Jordan Wiens was awarded one million miles after submitting a remote code execution bug to United Airlines’ bug bounty program.
A researcher has uncovered a pair of vulnerabilities in the Kaseya VSA IT management platform, including an open redirect that could be used to force users to visit an attacker-controlled site. Kaseya VSA is a platform designed to handle a wide variety of IT management tasks, including audit, inventory, security, patch management, backup and recovery,[…]
Several new versions of PHP have been released, all of which contain a number of bug fixes, most notably a patch for the so-called BACKRONYM vulnerability in MySQL. That bug in MySQL is caused by a problem with the way that the database software handles requests for secure connections. Researchers at Duo Security disclosed the[…]
The Linux Foundation’s Core Infrastructure Initiative announced it was releasing to open source data from the Census Project, which uses metrics to identify under-resourced open source projects at risk.
Developers at Node.js over the weekend released a critical update to the runtime environment that addresses a bug that could be used to cause denial of service attacks.
Core Security disclosed information on command-injection vulnerabilities found in a number of AirLive IP-enabled cameras after repeated attempts to disclose to the manufacturer were ignored.
Dennis Fisher and Mike Mimoso discuss the OS X and iOS patches, the potential for the new cyber UL project run by Mudge, and the lawsuit against OPM after its data breach.
A week after admitting that several of its security appliances ship with static SSH keys, Cisco warned customers on Wednesday that its Unified Communications Domain Manager platform has a default, static password for an account that carries root privileges. The vulnerability affects versions of the software prior to 4.4.5 and the company said there are no[…]