InfoSec Alerts | InfoSec Industry

Elasticsearch Sales Leads – 5,788,169 breached accounts

Have I Been Pwned November 17, 2018

In October 2018, security researcher Bob Diachenko identified multiple exposed databases with hundreds of millions of records. One of those datasets was an Elasticsearch instance on AWS containing sales lead data and 5.8M unique email addresses. The data contained...

KnownCircle – 1,957,600 breached accounts

Have I Been Pwned November 17, 2018

In approximately April 2016, the "marketing automation for agents and professional service providers" company KnownCircle had a large volume of data obtained by an external party. The data belonging to the now defunct service appeared in JSON format and...

MySQL vulnerabilities CVE-2018-3276, CVE-2018-3277, CVE-2018-3278, CVE-2018-3279, and CVE-2018-3280

F5 November 16, 2018

MySQL vulnerabilities CVE-2018-3276, CVE-2018-3277, CVE-2018-3278, CVE-2018-3279, and CVE-2018-3280. Security Advisory. ...

MySQL vulnerabilities CVE-2018-3203, CVE-2018-3212, CVE-2018-3247, CVE-2018-3251, and CVE-2018-3258

F5 November 16, 2018

MySQL vulnerabilities CVE-2018-3203, CVE-2018-3212, CVE-2018-3247, CVE-2018-3251, and CVE-2018-3258. Security Advisory. ...

MySQL vulnerabilities CVE-2018-3282, CVE-2018-3283, CVE-2018-3284, CVE-2018-3285, and CVE-2018-3286

F5 November 16, 2018

MySQL vulnerabilities CVE-2018-3282, CVE-2018-3283, CVE-2018-3284, CVE-2018-3285, and CVE-2018-3286. Security Advisory. ...

VMware and the Tianfu Cup PWN Contest

VMware November 15, 2018

We wanted to post a quick acknowledgement that VMware has representatives in attendance at the Tianfu Cup PWN Contest in Chengdu, China to review any vulnerabilities that may be demonstrated during the contest. We would like to thank the organisers...

Microsoft Releases November 2018 Security Updates

US-CERT November 13, 2018

Original release date: November 13, 2018Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.NCCIC encourages users and administrators to review Microsoft’s...

Cisco Small Business Switches Privileged Access Vulnerability

Cisco November 13, 2018

A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The vulnerability exists because under specific circumstances, the affected software enables a privileged user account...

New VMware Security Advisory VMSA-2018-0028

VMware November 13, 2018

Today, VMware has released the following new security advisory: “VMSA-2018-0028 (https://www.vmware.com/security/advisories/VMSA-2018-0028.html) – VMware vRealize Log Insight updates address an authorization bypass vulnerability” This documents the remediation of a moderate severity authorization bypass vulnerability (CVE-2018-6980 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6980) in VMware vRealize Log Insight. The...

November 2018 Security Update Release

Microsoft November 13, 2018

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide.

Adobe Releases Security Updates

US-CERT November 13, 2018

Original release date: November 13, 2018Adobe has released security updates to address vulnerabilities in Flash Player, Adobe Acrobat and Reader, and Adobe Photoshop CC. An attacker could exploit these vulnerabilities to obtain access to sensitive information.NCCIC encourages users and...

Siemens IEC 61850 System Configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC

ICS-CERT November 13, 2018

This advisory includes mitigations for an improper access control vulnerability in the Siemens IEC 61850 system configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC products.

Siemens S7-400 CPUs

ICS-CERT November 13, 2018

This advisory includes mitigations for improper input validation vulnerabilities in the Siemens S7-400 CPUs.

Siemens SIMATIC Panels and SIMATIC WinCC (TIA Portal)

ICS-CERT November 13, 2018

This advisory includes mitigations for a code injection vulnerability in the Siemens SIMATIC Panels software and SIMATIC WinCC (TIA Portal).

Siemens SCALANCE S

ICS-CERT November 13, 2018

This advisory includes mitigations for a cross-site scripting vulnerability in Siemens' SCALANCE S security appliance.

Siemens SIMATIC S7

ICS-CERT November 13, 2018

This advisory includes mitigations for a resource exhaustion vulnerability in Siemens' Simatic S7 controllers.

Siemens SIMATIC STEP 7 (TIA Portal)

ICS-CERT November 13, 2018

This advisory includes mitigations for an unprotected storage of credentials vulnerability in Siemens' SIMATIC STEP 7 engineering software.

Siemens SIMATIC IT Production Suite

ICS-CERT November 13, 2018

This advisory includes mitigations for an improper authentication vulnerability in Siemens' SIMATIC IT Production Suite software.

Siemens SIMATIC Panels

ICS-CERT November 13, 2018

This advisory includes mitigations for path traversal and open redirect vulnerabilities in Siemens' SIMATIC panels.

Security Bulletins Posted

Adobe November 13, 2018

Adobe has published security bulletins for Adobe Flash Player (APSB18-39), Adobe Acrobat and Reader (APSB18-40) and Adobe Photoshop CC (APSB18-43). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is...

LATEST NEWS

Instagram flaw exposes user passwords

SC Magazine November 17, 2018

A security flaw in Instagram’s recently released “Download Your Data” tool could have exposed some user passwords, the company reportedly told users. The tool, revealed by Instagram right before the GDPR regulation went into effect, is designed to let users...