vulnerability
Crypto flaw in Oracle Access Manager can let attackers pass through
A padding oracle vulnerability in Oracle Access Manager (CVE-2018-2879) can be exploited by attackers to bypass authentication and impersonate any user account. About the …
It’s time to update your Cisco WebEx software again!
Cisco has released security updates for a variety of its offerings, including some that fix critical remote code execution vulnerabilities in Webex software, Cisco Secure ACS …
Most SAP systems vulnerable to critical security configuration risk
Onapsis researchers revealed a critical security configuration vulnerability that results from default installations in SAP systems which if left insecure, could lead to a …
Apple device users, stay away from QR codes until you upgrade
It’s time to update your Mac and iOS-powered devices again: Apple has plugged four vulnerabilities, two of which could be exploited to execute arbitrary code if a user …
Cisco plugs critical hole in WebEx, users urged to upgrade ASAP
Cisco has fixed a critical vulnerability in its Webex videoconferencing software that could be exploited to compromise meeting attendees’ systems by simply opening a …
Moxa plugs serious vulnerabilities in industrial secure router
A slew of serious vulnerabilities in the Moxa EDR-810 series of industrial secure routers could be exploited to inject OS commands, intercept weakly encrypted or extract clear …
Emergency alert systems used across the US can be easily hijacked
A vulnerability affecting emergency alert systems supplied by ATI Systems, one of the leading suppliers of warning sirens in the USA, could be exploited remotely via radio …
Hackers leverage flaw in Cisco switches to hit Russian, Iranian networks
The proof-of-concept exploit code for a vulnerability affecting many Cisco switches has been leveraged by vigilante hackers to mess with networks and data-centers in Russia …
Easily exploited flaw in Microsoft Malware Protection Engine allows total system compromise
A critical and extremely easily exploitable vulnerability in the Microsoft Malware Protection Engine (MMPE) has been patched through an out-of-band security update pushed out …
Intel will not provide Spectre/Meltdown microcode updates for some processor families
Intel has decided not to provide microcode updates to plug Spectre and Meltdown vulnerabilities in a number of older processors. According to the last update (April 2, 2018) …
Critical vulnerability opens Cisco switches to remote attack
A critical vulnerability affecting many of Cisco’s networking devices could be exploited by unauthenticated, remote attackers to take over vulnerable devices or trigger …
Flaws in ManageEngine apps opens enterprise systems to compromise
Researchers have discovered multiple severe vulnerabilities in ManageEngine’s line of tools for internal IT support teams, which are used by over half of Fortune 500 …