The problems with the mitigations for the Meltdown flaw continue a security researcher has demonstrated that the Meltdown patch in Windows 10 can be bypassed. The Windows Internals expert Alex Ionescu discovered that a Meltdown patch issued for Windows 10 is affected by a severe vulnerability that could be exploited to bypass it. âCalling NtCallEnclave returned back […]
Security researchers have discovered a security vulnerability in Oracle Access Manager that can be exploited by a remote attacker to bypass the authentication and take over the account of any user. Security researcher Wolfgang Ettlinger from SEC Consult Vulnerability Lab has discovered a security vulnerability in Oracle Access Manager that can be exploited by a […]
Researchers at Tenable have disclosed technical details and a PoC code for a critical remote code execution vulnerability affecting Schneider Electric InduSoft Web Studio and InTouch Machine Edition products. Experts at security firm Tenable have discovered a critical remote code execution vulnerability affecting Schneider Electric InduSoft Web Studio and InTouch Machine Edition products. The InduSoft Web Studio […]
Microsoft released an out of band update to address a critical remote code execution vulnerability in the Windows Host Compute Service Shim library (hcsshim). Microsoft announced that it has issued a security update to address a critical remote code execution vulnerability in the Windows Host Compute Service Shim library (hcsshim). The Windows Host Compute Service […]
GitHub, world’s leading software development platform, forced password reset for some users after the discovery of a problem that caused internal logs to record passwords in plain text. GitHub urged some users to reset their passwords after a problem caused internal logs to record passwords in plain text. Some users published on Twitter the communication […]
Konrads Voits, the man who hacked into the computer system of Washtenaw County Jail to alter inmate records and gain early release for his friend, gets 7-Years in prison. In March 2017, Konrads Voits (27), hacked into the computer system of Washtenaw County Jail to alter inmate records and gain early release for his friend. […]
The NATO team is the winner of the Cyber Defence Exercise Locked Shields 2018 that took place on April 23-26 in Tallinn, Estonia. The international live-fire cyber defence exercise Locked Shields 2018 took place on April 23-26 in Tallinn, Estonia, and the figures behind this important competition are impressive. A total of 22 Blue Teams participated […]
Many companies using SAP systems ignore to be impacted by a 13-year-old security configuration that could expose their architecture to cyber attacks. According to the security firm Onapsis, 90 percent SAP systems were impacted by the vulnerability that affects SAP Netweaver and that can be exploited by a remote unauthenticated attacker who has network access […]
This week Mozilla announced that the upcoming Firefox 60 version will implement a new Cross-Site Request Forgery (CSRF) protection by introducing support for the same-site cookie attribute. An attacker can launch a CSRF attack to perform unauthorized activities on a website on behalf of authenticated users, this is possible by tricking victims into visiting a specially crafted webpage. “Cross-Site […]
Researchers at Trustwave have discovered that Western Digital My Cloud EX2 storage devices leak files. Security experts at Trustwave have discovered that Western Digital My Cloud EX2 storage devices leak files on a local network by default. The situation gets worse if users configure the device for remote access and expose them online, in this […]