New Western Digital My Cloud Bugs Give Local Attackers Root on...

Two new WD My Cloud vulnerabilities have been identified, adding to last month’s bevy of security bugs.

Siemens Update Patches SIMATIC PCS 7 Bug in Some Versions

Siemens has fixed a remotely executable vulnerability in some versions of its SIMATIC PCS 7 distributed control system, and said that it is working on a fix for remaining affected versions.

Multiple Vulnerabilities in Cisco IOS XE Software for Cisco ASR 1000...

Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers (ASR), Cisco 4400 Series Integrated Services Routers (ISR), and Cisco Cloud Services Routers (CSR) 1000v Series contains the following vulnerabilities: Cisco IOS XE S...

Hacker Infects Gas Pumps with Code to Cheat Customers

Russian authorities have broken up a crime ring involving a hacker and willing gas-station employees who used malicious software to cheat customers out of gas.

FireEye’s Marina Krotofil On Triton and ICS Threats

At the Security Analyst Summit this year in Cancun, FireEye's Marina Krotofil talks about the Triton malware, first disclosed in December 2017, that targets industrial control systems.

VU#475445: Multiple SAML libraries may allow authentication bypass via incorrect XML...

Multiple SAML libraries may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.

VU#421280: Microsoft Office Equation Editor stack buffer overflow

Microsoft Equation Editor contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service...

Update from February 5, 2018: After further investigation, Cisco has identified additional attack vectors and features that are affected by this vulnerability.
In addition, it was also found that the original fix was incomplete so new fixed code ve...

Cisco Patches Critical VPN Vulnerability

Cisco Systems released a patch Monday to fix a critical security vulnerability, with a CVSS rating of 10, in its Secure Sockets Layer VPN solution called Adaptive Security Appliance.

Bug in HP Remote Management Tool Leaves Servers Open to Attack

Firmware versions of HPE’s remote management hardware iLO3 have an unauthenticated remote denial of service vulnerability.

Cisco WebEx Advanced Recording Format Player Remote Code Execution Vulnerability

A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user.

The attacker could exploit this vulnerability by sending the...

Massive Malspam Campaign Targets Unpatched Systems

Morphisec said that it has detected several malicious Word documents – part of a “massive” malspam campaign – that take advantage of a critical Adobe Flash Player vulnerability discovered earlier this month.