Security Alerts & News
by Tymoteusz A. Góral

#2042 Siemens RUGGEDCOM NMS equipment vulnerable to CSRF, XSS
Enterprise network management equipment made by Siemens suffers from vulnerabilities that could allow an attacker to perform administrative actions.

Two flaws, a cross-site scripting (XSS) vulnerability and a cross-site request forgery (CSRF) vulnerability, exist in the company’s RUGGEDCOM NMS line of network management products.

In an advisory published on Tuesday, the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) warned that the vulnerabilities are remotely exploitable and would take a low skill level to exploit.
#2049 New RaaS portal preparing to spread Unlock26 ransomware
#2048 Creepy IoT teddy bear leaks >2 million parents’ and kids’ voice messages
#2047 Google open-sources Chrome extension to make PGP encryption easier in Gmail
#2046 Shamoon (malware): Multi-staged destructive attacks limited to specific targets
#2045 More on bluetooth ingenico overlay skimmers
#2044 Google reports “high-severity” bug in Edge/IE, no patch available
#2043 Severe SQL injection flaw discovered in WordPress plugin (NextGEN Gallery) with over 1M installs