Home Tags Credentials

Tag: credentials

VU#586501: Inmarsat AmosConnect8 Mail Client Vulnerable to SQL Injection and Backdoor...

Inmarsat Solutions offers a shipboard email client service,AmosConnect 8(AC8),which was designed to be utilized over satellite networks in a highly optimized manner.

A third-party security research firm has identified two security vulnerabilities in the client software:On-board ship network access could provide visibility of user names and passwords configured on the client device.

A backdoor account has been identified in the client that provides full system privileges.

This vulnerability could be exploited remotely.

An attacker with high skill would be able to exploit this vulnerability.

AmosConnect 8 has been deemed end of life,and no longer supported.
Inmarsat customers must contact Inmarsat Customer Service to obtain the replacement mail client software.

A King’s Ransom It is Not

The first half of 2017 began with two intriguing ransomware events, both partly enabled by wormable exploit technology dumped by a group calling themselves “The ShadowBrokersrdquo;.

These WannaCry and ExPetr ransomware events are the biggest in the sense that they spread the quickest and most effectively of known ransomware to date.

Cisco Web Security Appliance Command Injection and Privilege Escalation Vulnerability

A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root.

The attacker must authenticate with valid adm...

Cisco Web Security Appliance Static Credentials Vulnerability

A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authentica...

Miscreants have been pillaging credit cards from Trump Hotels’ booking system

Hacks across 14 properties began in July 2016 and were stopped in March 2017.

Hackers are using this new attack method to target power companies

These phishing emails being used to steal credentials from critical infrastructure firms can silently harvest data without even using macros, warn researchers.

SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE...

The Simple Network Management Protocolnbsp;(SNMP) subsystem of Cisconbsp;IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system ...

Schroedinger’s Pet(ya)

Earlier today (June 27th), we received reports about a new wave of ransomware attacks spreading around the world, primarily targeting businesses in Ukraine, Russia and Western Europe. Our investigation is ongoing and our findings are far from final at this time.

Despite rampant public speculation, the following is what we can confirm from our independent analysis.

Matthew Keys’ guilty verdict and sentence to stand, 9th Circuit rules

"Keys made the CMS far weaker by taking and creating new user accounts."

Android Marcher Variant Makes Rounds as Adobe Flash Player Update

Zscaler researchers discover a new variant of the Android Marcher malware, which aims to steal online banking credentials and credit card information.

Beware this Android banking malware posing as a software update

Latest version of the mobile malware can steal login credentials from at least 40 banking, retail and social media apps.

Russian hackers selling login credentials of UK politicians, diplomats – report

They're oldies but could still spill the goodies, say experts Russians hackers are trading the email addresses and passwords of top UK politicians and diplomats.…