Cisco has released bundles of Cisco IOS and IOS XE software security advisories on September 26, 2018. The release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication includes 13 vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. One of the advisories describes a vulnerability...
Author: NSFOCUS
Rockwell Automation Buffer Overflow Vulnerability
Recently Rockwell Automation fixed a critical vulnerability (CVE-2018-14829) found in its RSLinx Classic, a software platform that allows Logix 5000 Programmable Automation Controllers to connect to a wide variety of Rockwell Software applications. A remote attacker could make the device being accessed stop responding and crash by sending a malicious...
NSFOCUS Introduces All-in-One Cloud Security Service for Regional Service Providers
SANTA CLARA, Calif., September 20, 2018 – NSFOCUS, a leader in holistic hybrid security solutions, announced today its newest cloud security service, Cloud-in-a-Box (CiaB), designed specifically for local and regional service providers across the globe. CiaB enables service providers to quickly deploy cloud security services with minimal expertise and without...
Cisco IOS XE Software Static Credential Vulnerability
Yesterday, September 19th, Cisco announced an advisory for a critical vulnerability (CVE-2018-0150) that exists with their IOS XE Software. The vulnerability is due to an undocumented user account with privilege level 15 that has a default username and password. An attacker could exploit this vulnerability by using this account to...
NSFOCUS introduces new capability to identify cyber risk exposure
Help Net Security - NSFOCUS announced the launch of NSFOCUS Exposed Internet Surface Analysis (EISA), a new capability to address the cyber security risk faced by organizations today. EISA identifies malicious activity of rogue IPs, ports and services that might be compromised and hidden within the organization’s network providing insights...
Vulnerabilities Discovered in NUUO Network Video Recorder
Tenable Research released two vulnerabilities in NVRMini2, NUUO's Network Video Recorder software on September 17th. Risk information is as below: Reference link: https://www.tenable.com/security/research/tra-2018-25 Attack demo: https://www.youtube.com/watch?v=2EuFOZfRL4U Sketch of NVRMini2 structure: Vulnerability Description CVE-2018-1149: Unauthenticated Remote Stack Buffer Overflow The HTTP interface exposes the binary cgi_system through the http://<target>/cgi-bin/cgi_system endpoint. Much...
