Author Archives: CIRT Team




in Security Advisories & Alerts

Multiple Vulnerabilities in PHP

Description: Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow an attacker to execute arbitrary code. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications. Successfully exploiting the most severe of these vulnerabilities could allow for arbitrary code execution...

03 May 2018
in News Clipping

Researchers find critical security flaws in popular car models [source: hackread]

Modern-day vehicles have become overly digitized for the sake of offering advanced technicality to drivers. However, being digital cannot ensure optimal security and the same has been the case with smart cars. Security researchers Daan Keuper and Thijs Alkemade from Computest claim that some of the car models manufactured by Audi and Volkswagen contain a flaw that can be exploited by attackers easily over the...

03 May 2018
in News Clipping

A cryptocurrency platform exposed sensitive data of 25,000 users [source: hackread]

Bezop, a cryptocurrency startup, exposed highly personal details of more than 25,000 of its investors online, which were publicly accessible to anyone with an Internet connection. The platform, which is supported by John McAfee, left the personal details exposed due to an unprotected MongoDB database. The exposed data included full names, email addresses, physical addresses, wallet information, encrypted passwords, and copies of driver’s licenses and passports. The database was discovered...

03 May 2018
in News Clipping

WannaCry Dominates as Ransomware Declines in 2017 [source: infosecurity-magazine]

WannaCry accounted for 90% of ransomware detections last year, with activity among other families declining as cyber-criminals gradually lost interest, according to new research from F-Secure. The Finnish security vendor’s latest report, The Changing State of Ransomware, revealed that aside from the notorious crypto-worm, Locky, Mole, Cerber, and Cryptolocker were also popular ransomware families in 2017. However, despite attacks increasing 415% on 2016 figures, and detections of...

03 May 2018
in News Clipping

APT28 Hackers Caught Hijacking Legitimate LoJack Software [source: bleepingcomputer]

Security researchers have found tainted versions of the legitimate LoJack software that appeared to have been sneakily modified to allow hackers inside companies that use it. Researchers say domains found inside the tainted LoJack instances have been previously tied to other hacking operations carried out by APT28, a codename used to describe a nation-state-backed cyber-espionage group located in Russia, with ties to the country’s military intelligence. APT28...

03 May 2018
in News Clipping

Dangers of Public WiFi: What You Need to Know [source: cloudwards]

Free WiFi is available nearly everywhere these days, giving us the ability to work remotely in hotels, coffee shops, restaurants and public parks. It’s convenient and liberating, but potentially unsafe. Connecting to a public network requires little authentication — at best you’ll be greeted by a captive portal and have to check a box agreeing to the terms of service (ToS), or ask an employee for the...

03 May 2018
in Security Advisories & Alerts

OpenSSL CVE-2018-0739 Denial of Service Vulnerability

Description: Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources, so this is considered safe. Impact: An attacker can exploit this issue to cause denial-of-service conditions. OpenSSL...

03 May 2018
in Security Advisories & Alerts

Linux Kernel CVE-2017-7518 Privilege Escalation Vulnerability

Description: A flaw was found in the way the Linux KVM module processed the trap flag (TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception (DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Impact: An attacker can leverage this issue to gain elevated privileges...

03 May 2018
in Security Advisories & Alerts

Cisco Secure Access Control System Remote Code Execution Vulnerability

Description: A vulnerability in the ACS Report component of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the targeted user’s privilege level. The vulnerability is due to insufficient validation of the Action Message Format (AMF) protocol. An attacker could exploit this vulnerability by sending a...

03 May 2018
in Security Advisories & Alerts

Cisco Wireless LAN Controller 802.11 Management Frame Denial of Service Vulnerability

Description: A vulnerability in the 802.11 frame validation functionality of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of certain 802.11 management information element frames that an affected device receives from wireless clients. An attacker could exploit...

03 May 2018