Enterprise Vulnerabilities From DHS/US-CERT’s National Vulnerability Database
CVE-2019-16195 (PUBLISHED: 2019-11-26) Centreon before 2.8.30, 18.x before 18.10.8, and 19.x before 19.04.5 allows XSS via myAccount alias and name fields.
CVE-2019-16201 (PUBLISHED: 2019-11-26) WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service caused by looping/backtracking. A victim must expose
Vulnerabilities in key surgical equipment could be remotely exploited by a low-skill attacker. US-CERT has issued an advisory for vulnerabilities in Medtronic’s Valleylab FT10 and Valleylab FX8 Energy Platforms, both key surgical equipment that could be remotely exploited by a low-skill attacker. Vulnerabilities also affect Valleylab Exchange Client, officials report. The advisory details three vulnerabilities.
Agency offers tips on how to detect and eradicate the spyware. The Federal Trade Commission (FTC) today alerted consumers about the risk of mobile spyware that surreptitiously “stalks” smartphone users, snooping on call history, text messages, photos, GPS location, and browsing history. The warning comes on the heels of the FTC’s settlement this week with app
Rapid7 researchers found holes in CAN bus networks that an attacker could exploit to sabotage its operation. The US Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert on newly found vulnerabilities in the controller area network (CAN) bus networks used on small aircraft that could be abused by an
A commercial vessel suffered a significant malware attack in February, prompting the US Coast Guard to issue an advisory to all shipping companies: Here be malware. In February 2019, a large ship bound for New York City radioed the US Coast Guard warning that the vessel was “experiencing a significant cyber incident impacting their shipboard
Microsoft patched a serious vulnerability in the Microsoft Outlook client in 2017, but an Iranian group continues to exploit the flaw. The US Cyber Command, the military agency tasked with US online operations, has warned companies and government agencies that malware linked to state-sponsored groups from Iran uses a flaw in Microsoft’s Outlook mail client
The drones are reportedly built with parts that can compromise organizations’ data and share it on a server accessible to the Chinese government. The US Department of Homeland Security warns Chinese-made drones could be transmitting flight data to manufacturers and, in doing so, make it accessible to the Chinese government. Data security concerns aren’t new