Security Alerts & News
by Tymoteusz A. Góral

History
#998 Advantech patches WebAccess remote code execution flaws
Advantech has published a new version of its WebAccess product to address vulnerabilities that put installations at risk to remote code execution attacks.

Exploiting the vulnerabilities would be a challenge, however, according to an advisory published Tuesday by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).

ICS-CERT said the flaws patched in versions prior to 8.1_20160519 would require an attacker to entice the victim to accept a crafted DLL and load it, decreasing the chances the bugs could be exploited.

“These vulnerabilities are not exploitable remotely and cannot be exploited without user interaction,” ICS-CERT said in its advisory. “The exploit is only triggered when a local user runs the vulnerable application, which in certain scenarios can cause it to load a DLL file from an untrusted source.”
Read more
#1007 Google launches Android programming course for absolute beginners
#1006 Apple’s official statement on why the iOS 10 kernel is not encrypted
#1005 WordPress security update patches two dozen flaws
#1004 Unpatched remote code execution flaw exists in Swagger
#1003 Let’s Encrypt celebrates big HTTPS milestone
#1002 Hackers would like to join your LinkedIn network - and you'd probably accept them
#1001 McAfee Labs: Threats Report (PDF)
#1000 ‘GODLESS’ mobile malware uses multiple exploits to root devices
#999 Firm pays $950,000 penalty for using WiFi signals to secretly track phone users
#998 Advantech patches WebAccess remote code execution flaws
#997 Ransomware a two-year nightmare in the making
#996 Nuclear, Angler exploit kit activity has disappeared
#995 Patched libarchive vulnerabilities have big reach
#994 154 million voter records exposed, revealing gun ownership, Facebook profiles, and more
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12