Vulnerabilities

St. Jude Patches Additional Cardiac Device

St. Jude Medical added another Merlin@home Transmitter medical device to its list of equipment vulnerable to a man-in-the-middle attack.

InterContinental Hotels Confirms Credit Card Breach

InterContinental Hotels Group confirmed and released additional details pertaining to a breach that targeted payment card systems used in 12 of its hotels.

ICS, SCADA Security Woes Linger On

A recent batch of vulnerabilities in Honeywell building automation system software epitomizes the lingering security issues around SCADA and industrial control systems.

Honeywell SCADA Controllers Exposed Passwords in Clear Text

A series of remotely exploitable vulnerabilities - including clear text passwords - exist in a set of Honeywell SCADA systems.

Locky Ransomware, Kovter Click-Fraud Malware Spreading in Same Campaigns

Locky ransomware and Kovter click-fraud malware are being spread in the same email campaign for the first time, with malicious .lnk files being used...

Threatpost News Wrap, February 3, 2017

Mike Mimoso and Chris Brook recap the news of the week, including a Microsoft SMB zero day, the latest Netgear router vulnerability, and a...

Cisco Patches Authentication Bypass in Cisco Prime Home

Cisco patched a critical remote authentication bypass vulnerability in its Prime Home remote management tool used by service providers.

Microsoft Waits for Patch Tuesday to Fix SMB Zero Day

Microsoft said a Windows SMB zero day, which has a public proof-of-concept exploit available, is low risk and won’t be patched until an upcoming...

WordPress Silently Fixed Privilege Escalation Vulnerability in 4.7.2 Update

WordPress silently fixed a serious content injection vulnerability when it pushed out its latest security release, 4.7.2, last week.

Printing and Marketing Firm Leaks High-Profile Customers’ Data

MacKeeper says it has found gigabytes of sensitive personal data stored by PIP Printing and Marketing Services and accessible online.

Google Adds Security Key Enforcement to G Suite Apps, Hosted S/MIME...

Google pumped more life into the use of physical keys as a second form of authentication when it added Security Key enforcement support to...

VU#867968: Microsoft Windows SMB Tree Connect Response denial of service vulnerability

Vulnerability Note VU#867968 Microsoft Windows SMB Tree Connect Response denial of service vulnerability Original Release date: 02 Feb 2017 | Last revised: 03 Feb...