Category: Security Updates

WannaCry, the largest ransomware-spread campaign to date!

If you think that updating operating systems is not necessary, think again! In the largest ransomware-spread campaign to date, more than 223.000 computers across 99 countries worldwide (including the United States, Russia, India, Germany, Africa, Philippines, China …) have been infected. Here is the story behind the WannaCry ransomware and protection methods… On May 12th, the National Cryptological Center of Spain...

Multiple vulnerabilities found in Asus RT routers, update needed

Changing default credentials is one of the most important security precautions, and the latest Asus wireless router vulnerability is just another example that shows why you need to change them. Security experts from ‘Nightwatch Cybersecurity’ have discovered multiple vulnerabilities in 40 different Asus RT router models. According to the experts, the recent vulnerabilities allow malicious sites to log in and change the router settings, exfiltrate router...

New OpenBSD vulnerability allows man-in-the-middle (MitM) attack

OpenBSD is a free and open source Unix-like computer operating system based upon Berkeley Software Distribution (BSD, a Unix operating system derivative) and it is one of the most secure operating systems available. But, like all other operating systems, it is also vulnerable to attacks and needs patching. Network and wireless security researcher Mathy Vanhoef has discovered a new vulnerability in OpenBSD’s...

A new denial-of-service (DoS) vulnerability was discovered in BIND DNS, updates available

A serious vulnerability was discovered in multiple versions of BIND DNS software that allows a remote attacker to conduct a denial-of-service (DoS) attack. BIND is the most widely used Domain Name System (DNS) software on the Internet; it enables you to publish your DNS information on the Internet and to resolve DNS queries for your users. On Unix-like operating systems it...

F5 BIG-IP ASM Web Application Firewall vulnerability allows remote attackers to launch DoS attack

A ‘high severity’ vulnerability was discovered in the ‘F5 Networks BIG-IP Application Security Manager (ASM)’ web application firewall that allows a remote attacker to conduct a denial-of-service (DoS) attack. BIG-IP ASM is one of the popular enterprise web application firewalls (WAF). According to F5 Networks, it is deployed in more data centers than any enterprise WAF. It is available as an appliance, virtual...

Apple released security updates to patch critical iOS, macOS, watchOS and tvOS vulnerabilities.

If you own a Mac, iPhone (5 and later), iPad (4th generation and later), iPod touch (6th generation and later), Apple TV (4th generation) or Apple Watch, you need to install the latest Apple security updates. The company has released security updates for its operating systems including iOS, macOS, OS X, tvOS and watchOS to patch critical vulnerabilities. Some of these vulnerabilities allow an attacker...

Juniper released software updates to fix vulnerabilities in Junos CLI, Junos Space, CTPView, vMX and Junos J-Web interface.

Juniper released software updates to fix some critical vulnerabilities in Junos OS Command Line Interface, Junos Space, CTPView, Virtual MX series (vMX) router software and Junos OS J-Web interface. Junos Space Network Management Platform vulnerabilities: Junos Space Network Management Platform contains critical vulnerabilities and any Juniper products/platforms running Junos Space prior to version 15.2R2 need to be updated as soon as possible. According...

Ongoing DoS attacks against BIND DNS software reported, update needed!

BIND is the most widely used ‘Domain Name System’ (DNS) software on the Internet. It was originally designed for BSD operating systems and is a de facto standard on Unix-based systems. On September 27, Internet Systems Consortium (ISC) released a security advisory to highlight a critical vulnerability that allows remote attackers to cause a denial-of-service (DoS) via a crafted query. It is one...

‘U by BB&T’ iOS banking application fails to properly verify SSL certificates

‘Improper certificate validation’ is simply a vulnerability in which software fails to properly validate the certificates presented on HTTPS connections. This vulnerability allows a man-in-the-middle attacker to spoof servers and obtain sensitive information (such as login credentials) via a crafted certificate. If you are using ‘U by BB&T’ application, the mobile banking application of ‘BB&T-Branch Banking and Trust’ (one of the largest financial...

Multiple DoS vulnerabilities found in OpenSSL, update needed

If you are using OpenSSL to secure your web servers, then you may have a security issue again: multiple vulnerabilities have been found [1,2] in the popular open-source cryptography library that may allow a target server to be crashed remotely. And as a system administrator, you need to know that your servers using OpenSSL may remain vulnerable until you patch them. OpenSSL, which contains an...

Netgear D6000 and D3600 routers contain hard-coded cryptographic keys and are vulnerable to authentication bypass

If you have Netgear D6000 or D3600 router devices with firmware version 1.0.0.49 or prior installed in your network environment, you should update your device to firmware version 1.0.0.59, which was released by Netgear on Friday to patch two critical vulnerabilities. Successful exploitation of the vulnerabilities by a remote unauthenticated attacker may allow gaining administrator access to the affected device, performing a man-in-the-middle attack on the victim's network or...

Critical XSS vulnerability found in popular WordPress forum plugin bbPress, update available

Imagine for a second that WordPress is a castle which you have to protect from attacks. At this point, every plugin you install becomes a gate to your castle and you need to ensure the safety of these gates. A recently found vulnerability in the popular WordPress forum plugin bbPress is an example of this situation, which may have affected some 300.000 websites, including wordpress.org support forum....

Open redirect vulnerability in Cisco WebEx Meetings Server allows phishing attacks, update needed

Cisco WebEx Meetings Server is a virtualized conferencing solution which combines audio, video and web conferencing in a single solution. Cisco has released a security advisory describing an open redirect vulnerability in the Cisco WebEx Meetings Server (CWMS) web interface that allows an unauthenticated, remote attacker to redirect a user to a malicious web page and conduct phishing attacks. Improper input validation of the...

Critical vulnerabilities allow remote disclosure of information in HP Data Protector, update needed

Sometimes companies use the same password or certificate private key in their software developments, which usually makes the software (or the platform it runs on) vulnerable to critical attacks like man-in-the-middle (MITM). A recent vulnerability discovered in HP’s popular automated server backup and recovery software is the latest example of this situation. HP Data Protector is automated backup & recovery software for single-server...

Cisco fixed a critical vulnerability in UCS central software

Cisco Unified Computing System (UCS) is a data center server platform that consists of hardware, virtualization support, switching fabric and management software. Cisco UCS Central software is software for managing multiple Cisco UCS instances or domains and supports up to 10.000 Cisco UCS servers. Cisco has recently fixed a critical vulnerability in the web framework of Cisco UCS Central Software which...

11.5 million HTTPS servers are vulnerable to highly critical DROWN Attack

Security researchers have discovered a highly critical vulnerability which allows attackers to break the encryption on servers that allow SSLv2, such as websites or mail servers, and steal sensitive information including passwords, credit card numbers, e-mails and instant messages. The critical vulnerability, which affects the HTTPS protocol and other services that rely on SSL and TLS, dubbed “DROWN” (Decrypting RSA with Obsolete and Weakened eNcryption)...

Patch your Cisco Firewall: Critical ASA vulnerability may allow attackers to obtain full control of the affected system

If you have one of the Cisco ASA firewall devices listed at the end of this page and you configured your firewall device to terminate IKEv1 or IKEv2 VPN connections such as LAN-to-LAN IPsec VPN, remote access VPN using the IPsec VPN client, Layer 2 Tunneling Protocol (L2TP)-over-IPsec VPN connections or IKEv2 AnyConnect, it means that your device is most likely...

Critical OpenSSL flaw allows attackers to decrypt secure HTTPS traffic

OpenSSL is the widely used open-source library that provides cryptographic functionality (implementation of SSL, TLS) to applications. It is used in applications that need secure connections such as secure web servers. The OpenSSL project team has released an update to patch a critical vulnerability that allows an attacker to obtain the private encryption key and decrypt the secure traffic (HTTPS). A...

Multiple vulnerabilities in ASUS RT-G32 router allow arbitrary code injection.

Affected products / software: ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2. Vulnerability overview: Cross-site scripting and cross-site request forgery vulnerabilities in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allow remote attackers to inject arbitrary web script or HTML and change device settings including admin password. Solution / patch info / workaround: Firmware update available on...

Critical vulnerability in vBulletin SEO extension allows remote command execution

vBSEO is a useful and widely used Search Engine Optimization (SEO) extension for the popular internet forum software package vBulletin. A critical ‘unauthenticated script injection’ vulnerability has been found in vBSEO which may lead to a full remote command execution on affected systems. An attacker can exploit the vulnerability to inject malicious code or to take down affected websites. The full command execution...
