Latest Entries »

The following versions of the SIMATIC CP 44x-1 RNA, which connect SIMATIC S7-400 CPUs to Industrial Ethernet, are affected: View full article »

The latest updates for XHQ 4 and XHQ 5 fix a vulnerability that could allow a low-privileged remote user to gain read access to data in the XHQ solution exceeding his configured permission level. View full article »

Siemens has released update V1.4.1 for SIMATIC CP 44x-1 RNA modules that resolves a
vulnerability that could allow unauthenticated users to perform administrative actions under certain conditions. Siemens recommends specific countermeasures until fixes can be applied. View full article »

A woman exhales vapour from an e-cigarette

Even if a vape pen seems like it’s simply charging, it could actually be compromising your computer, security researchers warn. View full article »

FILE PHOTO: The logo of Honda is seen during the 87th International Motor Show at Palexpo in Geneva, Switzerland March 8, 2017. REUTERS/Arnd Wiegmann/File Photo

Honda Motor Co (7267.T) said on Wednesday it halted production at a domestic vehicle plant for a day this week after finding the WannaCry ransomware that struck globally last month in its computer network. View full article »

Today, June 22nd 2017, WikiLeaks publishes documents from the Brutal Kangaroo project of the CIA. Brutal Kangaroo is a tool suite for Microsoft Windows that targets closed networks by air gap jumping using thumbdrives. Brutal Kangaroo components create a custom covert network within the target closed network and providing functionality for executing surveys, directory listings, and arbitrary executables. View full article »

Recently the Drupal Security Team has seen a trend of attacks utilizing a site mis-configuration. This issue only affects sites that allow file uploads by non-trusted or anonymous visitors, and stores those uploads in a public file system. View full article »

In May/June 2017 Guido Vranken threw a fuzzer at OpenVPN 2.4.2. In the process he found several vulnerabilities and reported them to the OpenVPN project. The OpenVPN Git branches were patches as follows: View full article »

I’ve discovered 4 important security vulnerabilities in OpenVPN. Interestingly, these were not found by the two recently completed audits of OpenVPN code. Below you’ll find mostly technical information about the vulnerabilities and about how  I found them, but also some commentary on why commissioning code audits isn’t always the best way to find vulnerabilities. View full article »

In this article, we’ll present a new hooking technique that we have found during our research work. Hooking techniques give you the control over the way an operating system or a piece of software behaves. Some of the software that utilizes hooks include: application security solutions, system utilities, tools for programming (e.g. interception, debugging, extending software, etc.), malicious software (e.g. rootkits) and many others. View full article »