Printer Privacy Is Dead
Every single time you turn on your printer to scan, print or copy a document, what you get is a replication of that information in the preferred form. What you also get, are trackers...
Category: Vulnerability
CVE-2018-14773: 3rd-party libraries bug allows attacker to take full control of the affected Drupal websites
Vulnerabilities in the Symfony component were tracked as CVE-2018-14773, which could be exploited by attackers to take complete control of the affected Drupal site. A hacker can use this bug to attack the Drupal website...
HP published the patch to fix security flaws on 225 different models of inkjet printers
HP recently updated firmware for 225 different models of the InkJet series, including Pagewide, DesignJet, OfficeJet, Deskjet and HP Envy products to fix two security bugs (CVE-2018-5924 and CVE-2018-5925). These two printer vulnerabilities can cause the...
CVE-2018-10618: Davolink DVW-3200N Router Vulnerability Alert
On July 31, the Davolink DVW-3200N router was exposed to a high-risk vulnerability (CVE-2018-10618). The router generates weak passwords that are easily cracked, allowing remote attackers to obtain the device’s password. CVSS v3 9.8 ATTENTION: Exploitable...
Multiple vulnerabilities in Samsung SmartThings Hub
Recently, the Talos team announced some vulnerabilities related to Samsung SmartThings Hub, including high-risk vulnerabilities such as command injection and remote code execution, with a maximum CVSS score of 9.9. Vulnerability Overview Vulnerability name/category...
CVE-2018-14417: SoftNAS Cloud OS Command Injection Vulnerability Alert
On July 26, SoftNAS Cloud exposed to an OS command injection vulnerability (CVE-2018-14417). The vulnerability stems from the fact that the snserv script in the web administration console does not securely filter the input parameters...
CVE-2018-1336, CVE-2018-8037: Tomcat High Risk Vulnerability Alert
Overview The Tomcat server is a free open source web application server. It is a lightweight application server. It is widely used in small and medium-sized systems and concurrent access users. It is the first...
NetSpectre attack can steal confidential data through the network
The security team at the Technical University of Graz, Austria, has just released a new variant of the Spectre series of vulnerabilities, NetSpectre, a security flaw caused by modern processor design flaws. Previously, Spectre...
CVE-2018-5383: Encryption bug on Bluetooth affects millions of devices
Two scientists from Israel Institute of Technology, Lior Neumann and Eli Biham found that an encryption bug (CVE-2018-5383) has been confirmed to affect a variety of Bluetooth and Operating system drivers. This bug affects...
Report: 496 million IoT devices are vulnerable to DNS Rebinding Attack
On July 20th, the Internet of Things (IoT) security provider Armis released a research report saying that about 496 million enterprise devices are facing the risk of DNS rebinding attacks. A study released by Armis in...
CVE-2018-11235: Sourcetree Remote Code Execution Vulnerabilities Alert
On July 23, the Sourcetree client was exposed to a remote code execution vulnerability (CVE-2018-11235). The vulnerability stems from the embedded Git in Sourcetree, which can be exploited by an attacker to execute arbitrary...
Researchers releases new bypass vulnerability SpectreRSB
Researchers at the University of California, Riverside, published a paper on the new Spectre vulnerability named SpectreRSB. Similar to other disclosed Spectre vulnerabilities, SpectreRSB takes advantage of predictive execution capabilities—a feature that all modern...
Multiple security flaw in Dongguan Diqee 360 robotic vacuum cleaners
Positive Technologies experts have discovered vulnerabilities in smart vacuum cleaners produced by Dongguan Diqee 360 manufacturers, allowing attackers to control devices that are already connected remotely. Through security breaches, an attacker can directly remotely control...
Intel patches mutiple Manageability Engine vulnerabilities
Intel issued security advisories SA-00112 and SA-00118 regarding fixes for vulnerabilities in Intel Management Engine (Intel ME). A total of four vulnerabilities were fixed based on multiple announcements posted. Positive Technologies detailed these bugs, in which the “Buffer...
