Government of the Republic of Trinidad and Tobago
gov.tt

Securing the Nation's Digital Infrastructure

TTCSIRT-023.072017: TT-CSIRT Advisory – Oracle Security Updates

Oracle has released its Critical Patch Update for July 2017 to address 308 vulnerabilities across multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Oracle July 2017 Critical Patch Update at http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

TTCSIRT-022.071717: TT-CSIRT Advisory – CISCO Security Updates

The Simple Network Management Protocol subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via …

TTCSIRT-021.071717: TT-CSIRT Advisory – Juniper Security Updates

A security researcher testing a Juniper NetScreen Firewall + VPN found multiple stored cross-site scripting vulnerabilities that could be used to elevate privileges through the NetScreen WebUI. A user with the ‘security’ role can inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute …

TTCSIRT-020.071717: TT-CSIRT Advisory – Samba Security Updates

The Samba Team has reported a critical vulnerability in all versions of Samba from 4.0.0 onward using embedded Heimdal Kerberos. A man-in-the-middle attacker may impersonate a trusted server and thus gain elevated access to the domain by returning malicious replication or authorization data. A patch addressing this defect has been posted to https://www.samba.org/samba/security/ while Samba …

Online Safety Tips

Why are these warnings important? Like the real world, technology and the Internet present dangers as well as benefits. Equipment fails, attackers may target you, and mistakes and poor judgment happen. Just as you take precautions to protect yourself in the real world, you need to take precautions to protect yourself online. For many users, …

Avoiding Social Engineering and Phishing Attacks

What is a social engineering attack? In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that …

TTCSIRT-019.070617: TT-CSIRT Advisory – CISCO Security Updates

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of a system. Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates: a) Elastic Services Controller Unauthorized Access Vulnerability – cisco-sa-20170705-esc2; b) Ultra Services Framework …

TTCSIRT-018.070617: TT-CSIRT Advisory – Joomla Security Updates

Joomla has released version 3.7.3 of its Content Management System software to address several vulnerabilities: a) Core – Information Disclosure affecting Joomla 1.7.3-3.7.2; b) Core – XSS Vulnerability affecting Joomla 1.7.3-3.7.2; c) Core – XSS Vulnerability affecting Joomla 1.5.0-3.6.5. Further information on these vulnerability updates and fixes can be found on the Joomla Website at …

Petya Ransomware Technical Intelligence Analysis

The Petya Ransomware successfully infected several industries including banks as well as media outlets, energy companies, power and utilities, telecoms, life sciences, transportation, government agencies, airports and radiation monitoring equipment within the Chernobyl power plant. While Ukraine seems to have been the first and hardest hit, other organizations across the globe were affected. We are …

ExPetr/Petya/NotPetya is a Wiper, Not Ransomware

After an analysis of the encryption routine of the malware used in the Petya/ExPetr attacks, we have thought that the threat actor cannot decrypt victims’ disks, even if a payment was made. This supports the theory that this malware campaign was not designed as a ransomware attack for financial gain. Instead, it appears it was …