Description: A vulnerability in the assignment and management of default user accounts for Secure Shell (SSH) access to Cisco Aironet 1800, 2800, and 3800 Series Access Points that are running Cisco Mobility Express Software could allow an authenticated, remote attacker to gain elevated privileges on an affected access point. Impact:...
Read more
Last week, security firm Bitdefender, the Romanian Police, and Europol allegedly gained access to the GandCrab Ransomware’s Command & Control servers, which allowed them to recover some of the victim’s decryption keys. This allowed Bitdefender to release a tool that could decrypt some victim’s files. After this breach, the GandCrab developers stated that they would release a...
Read more
Description: A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core – Highly critical – Remote Code Execution –...
Read more
Description: Apple has released security updates to address vulnerabilities in multiple products. The following is titled under this update : Safari 11.1 macOS High Sierra 10.13.4 iOS 11.3.1 Impact: An attacker who successfully exploited the vulnerability could take control of an affected system. Mitigation: Updates are available. Please check specific vendor...
Read more
Description: Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The following products are covered by the updates : Cisco WebEx Clients Remote Code Execution Vulnerability cisco-sa-20180418-wbs(link is external) Cisco UCS Director Virtual...
Read more
Description: CKEditor, a third-party JavaScript library included in Drupal core, has fixed a cross-site scripting (XSS) vulnerability. The vulnerability stemmed from the fact that it was possible to execute XSS inside CKEditor when using the image2 plugin (which Drupal 8 core also uses). We would like to thank the CKEditor team for patching...
Read more
A security researcher has disclosed details of an important vulnerability in Microsoft Outlook for which the company released an incomplete patch this month—almost 18 months after receiving the responsible disclosure report. The Microsoft Outlook vulnerability (CVE-2018-0950) could allow attackers to steal sensitive information, including users’ Windows login credentials, just by convincing...
Read more
Do you think it is possible to extract data from a computer using its power cables? If no, then you should definitely read about this technique. Researchers from Israel’s Ben Gurion University of the Negev—who majorly focus on finding clever ways to exfiltrate data from an isolated or air-gapped computer—have...
Read more
Last year, the popular system cleanup software CCleaner suffered a massive supply-chain malware attack of all times, wherein hackers compromised the company’s servers for more than a month and replaced the original version of the software with the malicious one. The malware attack infected over 2.3 million users who downloaded or updated...
Read more
Symantec researchers have found a loophole in how iPhone users pair devices with Mac workstations and laptops. They say attackers can exploit this flaw —which they named Trustjacking— to take over devices without the phone owner’s knowledge. At the technical level, the Trustjacking security issue is rooted in the “iTunes...
Read more
