Surge of Attacks Targeting Network Infrastructure Devices – What You Need to Know
April 17, 2018
Based on the recent surge of attacks on network devices by Russian state-sponsored cyber actors, the US-CERT has released Technical Alert (TA18-106A). As of now, targets are primarily government and p...
Tenable Research: February and March Vulnerability Disclosure Roundup
April 13, 2018
Tenable Research has a dedicated team that performs vulnerability research on software and hardware from third-party vendors. The goal is to ...
Tenable Research Advisory: AXIS Camera App Malicious Package Distribution Weakness
April 12, 2018
Tenable Research recently audited an AXIS M3044-V network camera and learned that AXIS has introduced an application platform to their cameras. The camera even came with an app pre-installed: AXIS Vid...
Cisco Smart Install - How to Prevent Attacks on Switches
April 11, 2018
There’s been a flurry of activity around the Cisco Smart Install feature recently. Last week, we posted a tech blog about CVE-2018-0171, a critical vulnerability in Cisco’s Smart Install f...
Microsoft Defends Windows Defender from Remote Code Execution: CVE-2018-0986
April 6, 2018
Over the years, Microsoft has developed an anti-virus and anti-malware suite of security tools for the Windows environment. However, recently, a critical flaw has been found, which affects Microsoft M...
Proof of Concept (and Patch) for Critical Cisco IOS Vulnerability: CVE-2018-0171
April 3, 2018
Embedi, a security firm, has discovered a major security flaw in the Cisco Smart Install code. According to Embedi and Cisco, “A vulnerability in the Smart Install feature of Cisco IOS Software ...
Critical Drupal Core Vulnerability: What You Need to Know
March 29, 2018
Drupal is popular, free and open-source content management software. On March 28, the Drupal security team released patches for CVE-2018-7600, an unauthenticated remote code execution vulnerability in...
SamSam Ransomware: How to Identify and Mitigate the Risk
March 28, 2018
SamSam ransomware, which hit the city of Atlanta's systems in late March 2018, continues to be a threat. The most recent iteration leverages brute force remote desktop protocol (RDP) as an attack vect...
AMD Flaws Acknowledged
March 21, 2018
CTS-Labs published several AMD flaws over a week ago. For those of us who read vulnerability disclosures regularly, this particular disclosure was curious. Not only was the branded website bereft of a...
Slingshot Malware Uses IoT Device in Targeted Attacks
March 19, 2018
A new APT malware attack has been discovered by Kaspersky Lab. The malware, named Slingshot after a string in one of the hijacked system DLLs, is a sophisticated attack that leads to a nasty rootkit....
Tenable Research Advisory: Micro Focus Operations Orchestration, Remote Denial-of-Service (DoS) Vulnerability
March 15, 2018
Tenable Research just released an advisory for an information disclosure and denial-of-service vulnerability in Micro Focus Operations Orchestration software. This post provides further context arou...
Exim Buffer Overflow RCE Vulnerability (CVE-2018-6789) – What You Need to Know
March 7, 2018
On February 10, the Unix-based email server Exim released an update to address a heap buffer overflow vulnerability that can be used by an unauthenticated attacker to remotely execute arbitrary code. ...