Category: tech

A recent incident has left the voting records of 198 million Americans exposed. The data included the names, dates of birth, addresses, and phone numbers of voters from both parties. It also included voter’s positions on various political issues and their projected political preference. Although it is not unusual to collect this type of information, it should raise alarm bells that the platform hosting this data was not secured. This is the largest known data exposure in the United States, leaving the sensitive information of millions of Americans unprotected. Continue reading

On June 20th Check Point published an IPS signature providing virtual patching for the Siemens SIPROTEC DoS vulnerability. This IPS signature can help protect against a new malware, CrashOverride, also known as Industroyer– that is a direct threat to Electric Grid Operators. Continue reading

The following versions of the SIMATIC CP 44x-1 RNA, which connect SIMATIC S7-400 CPUs to Industrial Ethernet, are affected: Continue reading

The latest updates for XHQ 4 and XHQ 5 fix a vulnerability that could allow a low-privileged remote user to gain read access to data in the XHQ solution exceeding his configured permission level. Continue reading

Siemens has released update V1.4.1 for SIMATIC CP 44x-1 RNA modules that resolves a
vulnerability that could allow unauthenticated users to perform administrative actions under certain conditions. Siemens recommends specific countermeasures until fixes can be applied. Continue reading

A woman exhales vapour from an e-cigarette

Even if a vape pen seems like it’s simply charging, it could actually be compromising your computer, security researchers warn. Continue reading

FILE PHOTO: The logo of Honda is seen during the 87th International Motor Show at Palexpo in Geneva, Switzerland March 8, 2017. REUTERS/Arnd Wiegmann/File Photo

Honda Motor Co (7267.T) said on Wednesday it halted production at a domestic vehicle plant for a day this week after finding the WannaCry ransomware that struck globally last month in its computer network. Continue reading

Today, June 22nd 2017, WikiLeaks publishes documents from the Brutal Kangaroo project of the CIA. Brutal Kangaroo is a tool suite for Microsoft Windows that targets closed networks by air gap jumping using thumbdrives. Brutal Kangaroo components create a custom covert network within the target closed network and providing functionality for executing surveys, directory listings, and arbitrary executables. Continue reading

Recently the Drupal Security Team has seen a trend of attacks utilizing a site mis-configuration. This issue only affects sites that allow file uploads by non-trusted or anonymous visitors, and stores those uploads in a public file system. Continue reading

In May/June 2017 Guido Vranken threw a fuzzer at OpenVPN 2.4.2. In the process he found several vulnerabilities and reported them to the OpenVPN project. The OpenVPN Git branches were patches as follows: Continue reading