Flaws in Network Management Systems open enterprise networks to attacks
For quite a while now, Rapid7 researchers Tod Beardsley and Deral Heiland have been looking for vulnerabilities in various Network Management Systems (NMSs). With the help of …
Too many Cisco ASA boxes still open to an EXTRABACON attack
Among the Equation Group exploits leaked by the Shadow Brokers, the one named EXTRABACON that targets Cisco ASA devices got the most attention from security researchers and …
Cisco starts publishing fixes for EXTRABACON exploit
Starting last Wednesday, Cisco has begun publishing fixes for the SNMP RCE flaw in the software of its Adaptive Security Appliances (ASA), which can be triggered through the …
Leaked EXTRABACON exploit can work on newer Cisco ASA firewalls
EXTRABACON, one of the Equation Group exploits leaked by the Shadow Brokers, can be made to work on a wider range of Cisco Adaptive Security Appliance (ASA) firewalls than …
Implant leaked by Shadow Brokers targets Juniper’s NetScreen firewalls
Juniper Networks has become the latest company to acknowledge that one of the implants leaked by the Shadow Brokers targets some of their products. Cisco and Fortinet did the …
Snowden documents definitely link Shadow Brokers’ leak to the NSA
Last week, Cisco and Fortinet confirmed that the exploits leaked by the Shadow Brokers and aimed at compromising their networking devices work as intended, but the origin of …
Cisco, Fortinet validate exploits leaked by the Shadow Brokers
Cisco and Fortinet have released security advisories confirming that some of the exploits leaked by the Shadow Brokers work as intended. The entity released the batch as proof …
Leaked hacking tools can be tied to NSA’s Equation Group
The batch of data released by the Shadow Brokers, an entity that claims to have hacked the Equation Group, contains attack tools that can be tied to the group. Equation Group …
Low-cost wireless keyboards open to keystroke sniffing and injection attacks
Bastille Networks researcher Marc Newlin has discovered a set of security vulnerabilities in low-cost wireless keyboards that could be exploited to collect all passwords, …
Warframe, Clash of Kings players’ info stolen after forum hacks
Two new website hack/ user data theft combos have been revealed last week, and the victims are players of popular mobile real time strategy game Clash of Kings and online …
BMW ConnectedDrive flaws could be misused to tamper with car settings
Security researcher Benjamin Kunz Mejri has found two vulnerabilities in the BMW ConnectedDrive web portal/web application. About the vulnerabilities in BMW ConnectedDrive The …
Exploit for GNU wget RCE flaw revealed
Technical details about a serious vulnerability affecting all but the latest version of the GNU wget software have been released online, along with PoC exploit scenarios. …
Featured news
Resources
Don't miss
- Why we must go beyond tooling and CVEs to illuminate security blind spots
- Making security and development co-owners of DevSecOps
- Review: Passwork 7.0, self-hosted password manager for business
- What a mature OT security program looks like in practice
- Machine unlearning gets a practical privacy upgrade