Security Training Share
Recently, Modx officially announced that there are two high-risk vulnerabilities in its Modx Revolution 2.6.4 and previous versions. The attacker can remotely execute arbitrary code through this vulnerability, thereby gaining control of the website...
On July 18, Cisco officially issued a security notice saying that there was a severe vulnerability in the Cluster Manager of its Policy Suite (CPS) (CVE-2018-0375). This vulnerability could allow an unauthenticated, remote attacker to...
On July 17th, local time, on the morning of July 18th, Beijing time, Oracle officially released the July (second quarter) critical patch update CPU (Critical Patch Update), which fixed an April (first quarter) CPU...
Recently, ManageEngine officially released a new version of Exchange Reporter Plus to fix a remote code execution vulnerability. The vulnerability stems from the Java servlet ‘ADSHACluster’ when a ‘bcp.exe’ file executed, and an attacker can...
Intel has released several security updates for the company’s processor products, which are used to fix potential security threats to processors and more. For example, the Intel processor Spectre and Meltdown security vulnerabilities that...
Intel AMT is called Intel Active Management Technology. It is a system integrated into the chip and did not depend on a specific operating system. This is the most significant difference between Intel AMT...
Two security researchers Vladimir Kiriansky from MIT and consulting firm Carl Waldspurger have just published a paper highlighting the notorious new variant of the Spectre vulnerability, which creates a speculative buffer overflow. In the paper,...
The SEC Vulnerability Advisory Lab pointed out in a notice released last week that the Epicentro-based broadband gateways and routers manufactured by Advanced Digital Broadcast (ABD) are vulnerable to three security vulnerabilities, CVE-2018-13108. Effects...
In mid-June, the Ubuntu Launchpad exposed with a security bug; any user can bypass the lock screen by just removing the hard drive. This vulnerability confirms the impact of Ubuntu 16.04.4 but does not prove...
Recently, Google released the Android patch in July 2018, which solved 44 vulnerabilities in the operating system. It is understood that these 44 vulnerabilities include Framework, Media Framework, Kernel and Qualcomm components, as well...
Researchers at the University of California, Irvine, have published new papers on how to measure keyboard temperature to steal passwords with thermal imaging cameras. The principle of this kind of attack is mainly to...
On Tuesday, Huawei stated in a security bulletin numbered “huawei-sa-20180703-01-algorithm” that some Huawei products have a weak encryption algorithm vulnerability, and successful use may lead to information leakage. According to the description of the...
Synopsys recently released the Black Duck Report on 2018 Open Source Security and Risk Analysis, which provides an in-depth look at open source security, license compliance, and code quality risk in commercial software. This report discusses the...
A few days ago, researchers found that some underground technology communities have circulated examples of downloading malicious files through the Windows 10 Settings application configuration file. This configuration file seems to have attracted the...
