Microsoft Releases November 2018 Security Updates
Original release date: November 13, 2018Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.NCCIC encourages users and administrators to review Microsoft’s...
Cisco Small Business Switches Privileged Access Vulnerability
A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device.
The vulnerability exists because under specific circumstances, the affected software enables a privileged user account...
New VMware Security Advisory VMSA-2018-0028
Today, VMware has released the following new security advisory:
“VMSA-2018-0028 (https://www.vmware.com/security/advisories/VMSA-2018-0028.html) – VMware vRealize Log Insight updates address an authorization bypass vulnerability”
This documents the remediation of a moderate severity authorization bypass vulnerability (CVE-2018-6980 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6980) in VMware vRealize Log Insight. The...
November 2018 Security Update Release
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates.
More information about this month’s security updates can be found on the Security Update Guide.
Adobe Releases Security Updates
Original release date: November 13, 2018Adobe has released security updates to address vulnerabilities in Flash Player, Adobe Acrobat and Reader, and Adobe Photoshop CC. An attacker could exploit these vulnerabilities to obtain access to sensitive information.NCCIC encourages users and...
Siemens IEC 61850 System Configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC
This advisory includes mitigations for an improper access control vulnerability in the Siemens IEC 61850 system configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC products.
Siemens S7-400 CPUs
This advisory includes mitigations for improper input validation vulnerabilities in the Siemens S7-400 CPUs.
Siemens SIMATIC Panels and SIMATIC WinCC (TIA Portal)
This advisory includes mitigations for a code injection vulnerability in the Siemens SIMATIC Panels software and SIMATIC WinCC (TIA Portal).
Siemens SCALANCE S
This advisory includes mitigations for a cross-site scripting vulnerability in Siemens' SCALANCE S security appliance.
Siemens SIMATIC S7
This advisory includes mitigations for a resource exhaustion vulnerability in Siemens' Simatic S7 controllers.
Siemens SIMATIC STEP 7 (TIA Portal)
This advisory includes mitigations for an unprotected storage of credentials vulnerability in Siemens' SIMATIC STEP 7 engineering software.
Siemens SIMATIC IT Production Suite
This advisory includes mitigations for an improper authentication vulnerability in Siemens' SIMATIC IT Production Suite software.
Siemens SIMATIC Panels
This advisory includes mitigations for path traversal and open redirect vulnerabilities in Siemens' SIMATIC panels.
Security Bulletins Posted
Adobe has published security bulletins for Adobe Flash Player (APSB18-39), Adobe Acrobat and Reader (APSB18-40) and Adobe Photoshop CC (APSB18-43). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin.
This posting is...
PHP vulnerability CVE-2018-17082
PHP vulnerability CVE-2018-17082. Security Advisory. Security Advisory Description. The Apache2 component in PHP before ...
Should You Send Your Pen Test Report to the MSRC?
Every day, the Microsoft Security Response Center (MSRC) receives vulnerability reports from security researchers, technology/industry partners, and customers. We want those reports, because they help us make our products and services more secure. High-quality reports that include proof of...
SB18-316: Vulnerability Summary for the Week of November 5, 2018
Original release date: November 12, 2018 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD...
VMware Releases Security Updates
Original release date: November 09, 2018VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit these vulnerabilities to take control of an affected system.NCCIC encourages users and administrators to review the VMware...
Apache Tomcat vulnerability CVE-2018-11759
Apache Tomcat vulnerability CVE-2018-11759. Security Advisory. Security Advisory Description. The Apache Web Server ...
Cisco TelePresence Video Communication Server Test Validation Script Issue
A failure in the final QA validation step of the automated software build system for the Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software inadvertently allowed a set of sample, dormant exploit code used internally by Cisco...
Dutch government report says Microsoft Office telemetry collection breaks GDPR
Microsoft pledges to address issues; has already released a "zero exhaust" Office telemetry setting.
Bitcoin Giveaway Scam Balloons, with Google the Latest Victim
A slew of verified Twitter accounts have been hijacked and altered, used to tweet out a bogus Bitcoin giveaway scam.
‘DarkGate’ password-stealer could open up world of hurt for Windows users
Windows users in Europe are the target of a sophisticated new malware campaign that provides attackers with a diverse array of capabilities, including cryptomining, credential stealing, ransomware and remote-access takeovers.
Named DarkGate by its developer, the malware is reportedly distributed...
Survey Finds Attacks Find Insecure IoT Devices
A survey finds vast differences in security practices linked to IoT devices in the enterprise, with attacks concentrating on insecure IoT endpoints.
The post Survey Finds Attacks Find Insecure IoT Devices appeared first on The Security Ledger.Related StoriesNigerian ISP Hijacks...
Pwn2Own Trifecta: Galaxy S9, iPhone X and Xiaomi Mi6 Fall to Hackers
Hacker contest earns participants $325,000 based on the discovery of 18 vulnerabilities.
