Cyber Security Newsfeeds from around the world
XL-19-005 – ABB HMI Absence of Signature Verification Vulnerability ======================================================================== Identifiers ———– XL-19-005 CVE-2019-7229 ABBVU-IAMF-1902003 ABBVU-IAMF-1902012 CVSS Score ———- 8.3…
Continue ReadingOriginal posting: https://xor.cat/2019/06/19/fortinet-forticam-vulns/ ## Background In March of 2019 I discovered five vulnerabilities in Fortinet’s FortiCam FCM-MB40[1] product. Part-way through disclosing this vulnerability, I discovered that the FCM…
Continue ReadingRDP on the Radar. Eamonn Ryan Recently, McAfee released a blog related to the wormable RDP vulnerability referred to as CVE-2019-0708 or “Bluekeep.” The blog highlights a particular vulnerability in RDP which was deemed critical by Microsoft due to the…
Continue ReadingIn a research conducted by the Tokyo-based cybersecurity and threat defense firm Trend Micro, it was revealed that there is a new cryptomining malware bot that’s particularly targeting Android devices. The miner exploits the Android Debug Bridge port s…
Continue Reading.
The OpenSSH project has received a patch that prevents private keys from being stolen through hardware vulnerabilities that allow hackers to access restricted memory regions from unprivileged processes. The same approach could be used by other softw…
Continue ReadingIn the past days, a really important issue has been disclosed to the public: “Return of the WiZard” vulnerability (ref. EW N030619, CVE-2019-10149). Such vulnerability affected a wide range of Exim servers, one of the main email server technologies, ex…
Continue ReadingCisco emits critical bug fixes. Admins running Cisco gear will need to dedicate some time to updating their software an firmware following the
from Switchzilla. release of 26 security patches Of the fixes, three are for critical flaws: CVE-2019-1663 i…
Continue ReadingRemember last week’s urgent warning over a Firefox remote code execution zero-day vulnerability – CVE-2019-11707 – that criminals were said to be exploiting in real-world attacks? Two days later, it emerged that there was a second sandbox escape zero-d…
Continue Readingon 06/24/2019 03:07 PDT Tyler Lee Just the other day, Mozilla issued a patch for a recently-discovered zero-day vulnerability discovered in its Firefox browser . Unfortunately, it turns out that was not the only security flaw that the browser had becau…
Continue Readingare just some samples, RAMBleed Now OpenSSH encrypts secret keys in memory against Side-Channel attacks. Many experts demonstrated variants of side-channel attacks against OpenSSH application installed on targeted systems. In the attack scenario, a pro…
Continue Reading