Blog Posts Tagged with "Advisory"

7fef78c47060974e0b8392e305f0daf0

Cisco Released Multiple Security Advisories

March 02, 2012 Added by:Infosec Island Admin

Cisco has released six security advisories this week to address vulnerabilities that may allow an attacker to execute arbitrary code, cause a denial-of-service condition, operate with escalated privileges and bypass security restrictions...

Comments  (0)

201d6e4b7cd0350a1a9ef6e856e28341

Is ICS-CERT Focused on the Right Issues?

February 21, 2012 Added by:Joe Weiss

Analysis of the incident database shows the most significant events from an impact perspective were control system related - yet they represent only 24 of the 203 advisories ICS-CERT put out in the last year. It appears ICS-CERT is focusing on the less important issues...

Comments  (2)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: 7Technologies TERMIS DLL Hijacking

February 21, 2012 Added by:Infosec Island Admin

The 7T TERMIS software is vulnerable to DLL Hijacking. An attacker may place a malicious DLL in a directory where it will be loaded before the valid DLL. This vulnerability may allow execution of arbitrary code and may be exploitable from a remote machine...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: 7T AQUIS DLL Hijacking Vulnerability

February 20, 2012 Added by:Infosec Island Admin

An uncontrolled search path element vulnerability, commonly referred to as DLL Hijacking, in the 7-Technologies (7T) AQUIS software could lead to arbitrary code execution with successful exploit...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Advantech Webaccess Multiple Vulnerabilities

February 17, 2012 Added by:Headlines

ICS-CERT received reports of eighteen vulnerabilities in BroadWin WebAccess. These vulnerabilities include Cross-site scripting (XSS), SQL injection, Cross-site report forgery (CSRF)and Authentication issues. Public exploits are known to target these vulnerabilities...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Exploit Tool Releases for ICS Devices Advisory

February 16, 2012 Added by:Headlines

Security researchers and others have released tools exploiting ICS vulnerabilities. These targeted exploits are readily available through various tools and from exploit developers. Multiple threat elements are combining to significantly increase the ICS threat landscape...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Microsoft Issues Updates for Multiple Product Vulnerabilities

February 15, 2012 Added by:Headlines

Microsoft released updates to address vulnerabilities in Windows, Internet Explorer, Microsoft .NET Framework, Silverlight, Office, and Microsoft Server Software that could allow attackers to execute arbitrary code, cause a denial of service, or gain unauthorized access...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Koyo Ecom100 Brute Force Cracking Tool

February 15, 2012 Added by:Headlines

A brute force password cracking tool has been released that targets the weak authentication vulnerability in the Koyo ECOM100 Ethernet Module. This tool may greatly reduce the time and skill level required to attack a vulnerable system...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Advantech BroadWin WebAccess Vulnerabilities

February 10, 2012 Added by:Headlines

ICS-CERT is aware of a public report about an RPC server vulnerability with proof-of-concept (PoC) exploit code affecting the Advantech BroadWin WebAccess software, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Invensys Wonderware HMI XSS Vulnerabilities

February 09, 2012 Added by:Headlines

Researchers Billy Rios and Terry McCorkle have identified cross-site scripting (XSS) and write access violation vulnerabilities in the Invensys Wonderware HMI reports product that could result in data leakage, denial of service, or remote code execution...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Tax Season Phishing Scams and Malware Campaigns

February 09, 2012 Added by:Headlines

Due to the upcoming tax deadline, US-CERT reminds users to remain cautious when receiving unsolicited email that could be part of a potential phishing scam or malware campaign. These messages may appear to be from the IRS and ask users to submit personal information...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Punzenberger COPA-DATA HMI Vulnerabilities

February 08, 2012 Added by:Headlines

Researcher Kuang-Chun Hung has identified multiple denial-of-service (DoS) vulnerabilities in the Ing. Punzenberger COPA-DATA GmbH zenon human-machine interface (HMI) system which may allow an attacker to execute a DoS attack and potentially execute arbitrary code...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Brute Force and SSH Scanning Attacks

February 06, 2012 Added by:Headlines

ICS-CERT is aware that systems that provide SSH command line access are common targets for “brute force” attacks. As recently as this week, ICS-CERT received a report from an electric utility experiencing unsuccessful brute force activity against their networks...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Siemens Simatic WinCC Vulnerabilities

January 31, 2012 Added by:Headlines

Successful exploitation of these vulnerabilities could allow an attacker to log on to a vulnerable system as a user or administrator with the ability to execute arbitrary code or obtain full access to files on the system. Publicly available exploits are known...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

US-CERT Warns of Denial-of-Service Malware Campaign

January 26, 2012 Added by:Headlines

US-CERT has received reports of attacks using malware-laden email attachments. The advisory comes one week after multiple DDoS attacks were launched against entertainment industry and US government websites by Anonymous supporters in an operation dubbed OpMegaupload...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Ocean Data Systems Dream Report Vulnerabilities

January 25, 2012 Added by:Headlines

A XSS vulnerability exists in the Ocean Data Dream Report application due to the lack of server-side validation of query string parameter values. An attacker with a low skill level can create the XSS exploit. A write access violation vulnerability also exists in the application...

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »
Most Liked