VMware Releases Security Updates

Original release date: November 19, 2015

VMware has released security updates to address a vulnerability in vCenter, vCloud Director, and Horizon View. Exploitation of this vulnerability may allow an attacker to obtain sensitive information. Users and administrators are encouraged to review VMware Security Advisory VMSA-2015-0008 and apply the necessary updates. This product is provided subject […]

Adobe Releases Security Updates for ColdFusion, LiveCycle Data Services, and Adobe Premiere Clip

Original release date: November 17, 2015

Adobe has released security updates to address multiple vulnerabilities in ColdFusion, LiveCycle Data Services, and Adobe Premiere Clip. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security Bulletins for ColdFusion, LiveCycle […]

Apache Commons Collections Java Library Vulnerability

Original release date: November 13, 2015

US-CERT is aware of a deserialization vulnerability in the Apache Commons Collections (ACC) Java library. Java applications that either directly use ACC, or contain ACC in their classpath, may be vulnerable to arbitrary code execution. US-CERT encourages users and administrators to review Vulnerability Note VU#576313 for more information and […]

Google Releases Security Updates for Chrome and Chrome OS

Original release date: November 11, 2015

Google has released security updates to address vulnerabilities in Chrome and Chrome OS. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. Updates available include: Chrome 46.0.2490.86 for Windows, Mac and Linux; Chrome 46.0.2490.82 for all OS devices. Users and […]

SDG Technologies Plug and Play SCADA XSS Vulnerability

NCCIC/ICS-CERT is aware of a public disclosure of a cross-site scripting vulnerability with proof-of-concept (PoC) exploit code affecting SDG Technologies Plug and Play SCADA, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product. According to this report, the vulnerability is exploitable by inserting malicious script in the HTML request to web servers. Source: US-CERT ICS […]

Rockwell Automation 1769-L18ER and A LOGIX5318ER Vulnerability (Update A)

This alert update is a follow-up to the original NCCIC/ICS-CERT Alert titled ICS ALERT 15 225-01 Rockwell Automation 1769-L18ER and Logix5318ER Vulnerability that was published August 13, 2015, on the ICS-CERT web page. NCCIC/ICS-CERT is aware of a public report of a cross-site scripting vulnerability with proof-of-concept (PoC) exploit code affecting Rockwell Automation 1769-L18ER/A LOGIX5318ER […]

Rockwell Automation 1766-L32 Series Vulnerability (Update A)

This alert update is a follow-up to the original NCCIC/ICS-CERT Alert titled ICS ALERT 15 225-02 Rockwell Automation 1766-L32 Series Vulnerability that was published August 13, 2015, on the ICS-CERT web page. NCCIC/ICS-CERT is aware of a public report of a remote file inclusion vulnerability with proof-of-concept (PoC) exploit code affecting Rockwell Automation 1766-L32BWAA/1766-L32BXBA web […]

KAKO HMI Hard-coded Password

NCCIC/ICS-CERT is aware of a public report of a hard-coded password vulnerability with proof-of-concept (PoC) exploit code affecting KAKO HMI products. According to this report, the password is easily found in the client code. This report was released before coordination could be completed with the vendor and ICS-CERT. ICS-CERT has notified the affected vendor of […]

Schneider Electric Modicon M340 PLC Station P34 Module Vulnerabilities

NCCIC/ICS-CERT is aware of public reports of vulnerabilities with some proof-of-concept (PoC) exploit code affecting several of Schneider Electric’s Modicon M340 PLC Station P34 I/O modules. This is a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product. ICS-CERT is issuing this alert to provide early notice of the reports and identify baseline mitigations for reducing […]

£5k Innovation Vouchers up for grabs for Cyber Security Improvements

The UK Government have announced a new scheme to protect small businesses from cyber attacks. Yesterday, Digital Economy Minister Ed Vaizey outlined a new voucher scheme designed specifically to help small and medium-sized businesses (SMEs) as part of a package of measures to improve the UK’s cyber security resilience. The package also includes a new online learning and careers hub to help ensure the UK has the cyber skills talent pool to protect both the public and private sectors as we face the reality of increasing cyber threats. […]