WordPress Flaw Opens Millions of WooCommerce Shops to Takeover

A file delete vulnerability in WordPress can be elevated into a remote code execution vulnerability for plugins like WooCommerce.

Rapidly Growing Router Botnet Takes Advantage of 5-Year-Old Flaw

Sophisticated proxy code has already infected hundreds of thousands of devices.

Samsung, Crucial’s Flawed Storage Drive Encryption Leaves Data Exposed

Firmware updates won’t address the problem, so admins need to take other action.

Self-Encrypting Solid-State Drive Vulnerabilities

Original release date: November 06, 2018

NCCIC is aware of reports of vulnerabilities in the hardware encryption of certain self-encrypting solid-state drives. An attacker could exploit these vulnerabilities to obtain access to sensitive information. NCCIC encourages users and administrators to review Microsoft’s Security Advisory ADV180028 and Samsung’s Customer Notice regarding Samsung SSDs for more information and refer to vendors for appropriate patches and recommendations, when available.

Apache Struts Warns Users of Two-Year-Old Vulnerability

Users must update their vulnerable libraries manually.

Online Radio Stations at Risk from Icecast Flaw

A buffer overflow bug could silence online stations.

Apache Releases Security Advisory for Apache Struts

Original release date: November 05, 2018

The Apache Software Foundation has released an advisory to address a vulnerable commons-fileupload library used in Apache Struts versions 2.3.36 and prior. A remote attacker could exploit this vulnerability to take control of an affected system. Struts versions from 2.5.12 are not affected. NCCIC encourages users and administrators of Apache Struts versions 2.3.36 and prior to review the Apache security advisory for CVE-2016-1000031 and upgrade to the latest released version of Commons FileUpload library, …

PortSmash Side-Channel Attack Siphons Data From Intel, Other CPUs

An exploit was released for a flaw in a CPU process called Simultaneous Multithreading (SMT).

SB18-309: Vulnerability Summary for the Week of October 29, 2018

Original release date: November 05, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities …

The Morris Worm

Thirty years ago, a graduate student unleashed the first major attack on the Internet and became the first person convicted of a new type of crime.