Blog Posts Tagged with "Advisory"

ICS-CERT: GarrettCom Magnum Privilege Escalation

September 04, 2012 Added by: Infosec Island Admin

Successful exploitation of this vulnerability could allow escalation of privileges to full administrative access. The privilege escalation could provide the attacker a vector for making changes to settings, or initiating a complete device shutdown causing a denial of service...

ICS-CERT: OSIsoft Stack-Based Buffer Overflow Vulnerability

July 23, 2012 Added by: Infosec Island Admin

ICS-CERT has received a report from OSIsoft concerning a stack-based buffer overflow in the PI OPC DA Interface software that could cause the software to crash or allow a remote attacker to execute arbitrary code. This vulnerability was discovered during a software assessment requested by OSIsoft and funded by DHS...

ICS-CERT: Control System Internet Accessibility

June 25, 2012 Added by: Infosec Island Admin

ICS-CERT is tracking and has responded to multiple reports of researchers using SHODAN, Every Routable IP Project (ERIPP), Google, and other search engines to discover Internet-facing control systems. ICS-CERT has identified system owners and operators to notify them of their potential vulnerability...

ICS-CERT: WAGO I/O 750 Multiple Vulnerabilities

June 21, 2012 Added by: Infosec Island Admin

The reported vulnerabilities from DSecRG have been coordinated with WAGO. WAGO has determined that the vulnerabilities can be mitigated by adjusting system configurations of services not in use. WAGO has released a customer cybersecurity notification on best security practices for its products...

sKyWIper-Flame Malware Cryptographic Collision Attack

June 07, 2012 Added by: Infosec Island Admin

The sKyWIper malware uses a new cryptographic collision attack in combination with the terminal server licensing service certificates to sign code as if it came from Microsoft. However, code-signing without performing a collision is also possible. This is an avenue for compromise that may be used by additional attackers...

Google's Worst Security Idea Ever

June 06, 2012 Added by: Jeffrey Carr

Google announced that it will notify a subset of its Gmail customers if they're the victim of a State-sponsored attack. Google's advice is FUD-inducing for people who aren't targets and insufficient for those who are. I have to wonder what Google was thinking when it created this awful program...

ICS-CERT: Emerson DeltaV Multiple Vulnerabilities

May 31, 2012 Added by: Infosec Island Admin

Researchers have identified multiple vulnerabilities in the Emerson DeltaV application which can be exploited by a remote attacker and could allow denial of service, information disclosure, or remote code execution. Emerson has produced a hotfix that mitigates these vulnerabilities...

Citadel Malware Delivers Reveton Ransomware to Extort Money

May 31, 2012 Added by: Headlines

A new Citadel malware platform is being used to deliver ransomware named Reveton, which lures the victim to a drive-by download website, and the ransomware is installed. The computer then freezes and a screen is displayed warning the user they have violated United States Federal Law...

ICS-CERT: RuggedCom Weak Cryptography for Passwords

May 30, 2012 Added by: Infosec Island Admin

A researcher identified a default backdoor user account with a weak password encryption vulnerability in the RuggedCom Rugged Operating System which could allow an attacker to use a simple publicly available script to generate the default password and gain administrative access to the unit...

ICS-CERT: xArrow Multiple Vulnerabilities

May 25, 2012 Added by: Infosec Island Admin

Security researcher Luigi Auriemma identified and released four security vulnerabilities, along with proof-of-concept code, in the xArrow software application which may cause a denial-of-service condition or allow an attacker to execute arbitrary code...

ICS-CERT: Advantech ISSymbol ActiveX Buffer Overflow

May 21, 2012 Added by: Infosec Island Admin

Researchers have identified multiple buffer overflow vulnerabilities in the Advantech Studio product that could allow an attacker to cause buffer overflows, which in turn can allow arbitrary code execution. Exploit code is known to exist that targets these vulnerabilities...

ICS-CERT: Progea Movicon Memory Corruption Vulnerability

May 11, 2012 Added by: Infosec Island Admin

Security researcher Dillon Beresford of IXIA has identified a memory corruption vulnerability in the Progea Movicon application. This vulnerability can be exploited by a remote attacker to read an invalid memory address resulting in a denial of service...

ICS-CERT: WellinTech KingView DLL Hijack Vulnerability

May 02, 2012 Added by: Infosec Island Admin

Independent researcher Carlos Mario Peñagos Hollman identified a DLL Hijack vulnerability in WellinTech’s KingView application. WellinTech has created a patch that resolves the vulnerability. Mr. Hollman has tested the patch and verified that it resolves the vulnerability...

ICS-CERT: RuggedCom Weak Cryptography Vulnerability

April 27, 2012 Added by: Infosec Island Admin

ICS-CERT is aware of a public report of a default backdoor user account with a password with trivial encoding affecting RuggedCom RuggedSwitch and RuggedServer devices using Rugged OS. The vulnerability is exploitable by generating a password from known data about the device...

ICS-CERT: Siemens Scalance X Industrial Ethernet Vulnerability

April 18, 2012 Added by: Infosec Island Admin

Exploitation of the vulnerability allows an attacker to perform malicious actions which may lead to a denial of service condition or possible arbitrary code execution. These actions may ultimately impact the process environment in which the system is deployed...

HP Releases ProCurve 5400 zl Switches Security Bulletin

April 13, 2012 Added by: Headlines

"A potential security vulnerability has been identified with certain HP ProCurve 5400 zl switches containing compact flash cards which may be infected with a virus. Reuse of an infected compact flash card in a personal computer could result in a compromise of that system's integrity..."
