Apple has released a security update stating that Apple MacOS High Sierra (10.13) contains a flaw in how it authenticates disabled accounts. When a privileged action prompts the user for administrative credentials, the user can simply enter the user of “root” with an empty password. The first attempt appears to fail, but in actuality, this …
The data in this report provides insights on online threats in websites that were detected by Quttera automated tools and analysed by the malware research team. Read more about “Quttera Annual Website Report 2016” which can be downloaded via the TTCSIRT Website at https://ttcsirt.gov.tt/documents/website2016.pdf
Telstra Cyber Security Report 2017 provides insights into the current cyber security landscape to arm organisations with information on how to manage and mitigate their business risks. Read more about “Telstra Cyber Security Report 2017” which can be downloaded via the TTCSIRT Website at https://ttcsirt.gov.tt/documents/telstra2017.pdf
Uber said Tuesday that hackers accessed the personal data of 57 million of its users in a breach that had been covered up by the company for more than a year. Stolen information included the names, email addresses and mobile phone numbers of customers around the world, while the names and driver’s license numbers of …
Symantec has released an update to address a directory traversal vulnerability in the Symantec Management Console. Tracked as CVE-2017-15527, the security flaw has a CVSS score of 7.6 and has been assessed with a High severity rating, Symantec explains in an advisory published on Monday. The issue has been addressed in Symantec Management Console version …
Intel has released security updates to address vulnerabilities in the firmware of the following Intel products: Management Engine, Server Platform Services, and Trusted Execution Engine. An attacker could exploit some of these vulnerabilities to take control of an affected system. Further information on these vulnerabilities and how they can be fixed can be found on …
Symantec has a security update stating that the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / sanitization of user-supplied input file names, such that characters representing “traverse to parent directory” are passed through to the file …
Oracle has released a security alert to address multiple vulnerabilities in Oracle Tuxedo. A remote attacker could exploit these vulnerabilities to take control of an affected system. Further information on these vulnerabilities and how they can be fixed can be found on the Oracle Website at http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10269-4021872.html
Multiple vulnerabilities have been discovered in Mozilla Firefox and Firefox Extended Support Release (ESR), the most severe of which could allow for arbitrary code execution. Details of the vulnerabilities are as follows: a) A data: URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page allowing for …
Multiple vulnerabilities have been discovered in Microsoft products which, depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. A full list of all vulnerabilities and how they can be fixed can be found on the Microsoft Website …