Collaborate Disseminate
CVE-2019-0604, a critical vulnerability opening unpatched Microsoft SharePoint servers to attack, is being exploited by attackers to install a web shell. The web shell allows them to achieve continuous access to the system and, potentially, to the inte… Continue reading SharePoint servers under attack through CVE-2019-0604
Dell computer owners should update the Dell SupportAssist software as soon as possible to close a high-risk remote code execution vulnerability. What is Dell SupportAssist? SupportAssist is software that comes pre-installed on most Dell laptops and com… Continue reading Flaw in pre-installed software opens Dell computers to remote hijack
Charles Fol, the security engineer that unearthed the Carpe Diem Apache HTTP Server bug (CVE-2019-0211), has released an exploit for it. “This is between a POC and a proper exploit. I added tons of comments, it is meant to be educational as well,… Continue reading PoC exploit for Carpe Diem Apache bug released
A recently patched SQL injection flaw affecting the popular open-source e-commerce platform Magento is being actively exploited by attackers, so if you haven’t implemented the provided security update or patch, now is the time to do it. Magento devs, if you haven’t patched already, do it ASAP. We’ve already seen attempts at two of our shops using the published POC. We’re safe because we already patched every shop on Wednesday. https://t.co/5nZjMGBEUu — Peter Jaap Blaakmeer … More →
The post Magento sites under attack through easily exploitable SQLi flaw appeared first on Help Net Security.
Continue reading Magento sites under attack through easily exploitable SQLi flaw
The post 5 Things to Consider for Your ICS Security Proof of Concept appeared first on Nozomi Networks.
The post 5 Things to Consider for Your ICS Security Proof of Concept appeared first on Security Boulevard.
Continue reading 5 Things to Consider for Your ICS Security Proof of Concept
A vulnerability affecting all versions of WinRAR, the popular file archiver utility for Windows, could be exploited by attackers to deliver malware via specially crafted ACE archives. About the flaw The vulnerability was unearthed by Check Point resear… Continue reading 500,000+ WinRAR users open to compromise via a 19-year-old flaw
A low-skilled, remote attacker could use publicly available exploits to gain access to and mess with a power monitor by Rockwell Automation that is used by energy companies worldwide, ICS-CERT warns. All versions of Rockwell Automation’s Allen-Br… Continue reading Rockwell Automation industrial energy meter vulnerable to public exploits
A vulnerability affecting Snapd – a package installed by default in Ubuntu and used by other Linux distributions such as Debian, OpenSUSE, Arch Linux, Fedora and Solus – may allow a local attacker to obtain administrator privileges, i.e., r… Continue reading Snapd flaw gives attackers root access on Linux systems
Achieving remote code execution on systems running LibreOffice or Apache OpenOffice might be as easy as tricking users into opening a malicious ODT (OpenDocument) file and moving their mouse over it, a security researcher has found. About CVE-2018-1685… Continue reading Malicious macros can trigger RCE in LibreOffice, OpenOffice
There’s no shortage of exploitable security holes in widely used Internet of Things devices, so it shouldn’t come as a surprise that the communication between many of those devices and their companion apps is not encrypted. The research A g… Continue reading The problem with vulnerable IoT companion apps