A file delete vulnerability in WordPress can be elevated into a remote code execution vulnerability for plugins like WooCommerce.
Sophisticated proxy code has already infected hundreds of thousands of devices.
Firmware updates won’t address the problem, so admins need to take other action.
Original release date: November 06, 2018 NCCIC is aware of reports of vulnerabilities in the hardware encryption of certain self-encrypting solid-state drives. An attacker could exploit these vulnerabilities to obtain access to sensitive information. NCCIC encourages users and administrators to review Microsoft’s Security Advisory ADV180028 and Samsung’s Customer Notice regarding Samsung SSDs for more information and refer to vendors for appropriate patches and recommendations, when available.
Users must update their vulnerable libraries manually.
A buffer overflow bug could silence online stations.
Original release date: November 05, 2018 The Apache Software Foundation has released an advisory to address a vulnerable commons-fileupload library used in Apache Struts versions 2.3.36 and prior. A remote attacker could exploit this vulnerability to take control of an affected system. Struts versions from 2.5.12 are not affected. NCCIC encourages users and administrators of Apache Struts versions 2.3.36 and prior to review the Apache security advisory for CVE-2016-1000031 and upgrade to the latest released version of Commons FileUpload library, …
An exploit was released for a flaw in a CPU process called Simultaneous Multithreading (SMT).
Original release date: November 05, 2018 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities …
Thirty years ago, a graduate student unleashed the first major attack on the Internet and became the first person convicted of a new type of crime.