Monthly Archives: March 2018

Microsoft Releases Fix for Windows Flaw Introduced by Meltdown Patches

Microsoft has released out-of-band updates for Windows 7 and Windows Server 2008 R2 to address a critical privilege escalation flaw introduced by the Meltdown mitigations released earlier this year. Researcher Ulf Frisk reported this week that the fixes Microsoft released in January and February for the Meltdown flaw created an even greater security flaw, one that lets an attacker read from and write to memory at significant speed.


Millions of Users Affected in Data Breach Disclosed by Under Armour

Under Armour, the well-known sports gear maker, disclosed on Thursday that its fitness application had been breached, affecting about 150 million user accounts. The Baltimore, Maryland-based company said that it had contacted law enforcement agencies and outside experts after learning of the breach.


Critical Flaws Expose MicroLogix PLCs to Attacks

Rockwell Automation has released patches and mitigations for several potentially critical flaws discovered by Cisco Talos researchers in its Allen-Bradley MicroLogix 1400 programmable logic controllers (PLCs). According to Cisco Talos, the flaws can be exploited for denial-of-service (DoS) attacks, for altering the device's configuration and ladder logic, and for writing or deleting data on its memory module.


Data Mining Tools of Cambridge Analytica Exposed in Data Breach

Researchers have found source code belonging to Canada-based digital advertising firm AggregateIQ on an insecure domain. The exposed files of the software development company appear to confirm reports of a link between AggregateIQ and Cambridge Analytica, the controversial company that was already caught up in the Facebook data scandal some time ago.


Vulnerabilities in ManageEngine Apps Expose Enterprise Systems to Attacks

Vulnerability researchers have disclosed numerous serious flaws in ManageEngine's line of tools for internal IT support teams, which are used by about half of the Fortune 500 companies. The first flaw affects EventLog Analyzer 11.8 and Log360 5.3, and could be exploited to achieve remote code execution with the same privileges as the user that ran the application, by uploading a web shell to be written to the web root.


Apple Blocks Websites From Abusing HSTS Security Standard

In case you are unaware, the HTTP Strict Transport Security (HSTS) security standard can be abused as a supercookie to covertly track users of nearly every modern web browser without their knowledge, even when they use private browsing. Now, Apple has added mitigations to WebKit, the open-source browser framework that powers its Safari web browser, to prevent HSTS abuse after determining that theoretical attacks demonstrated in 2015 were recently deployed in the wild against Safari users.


SAP CRM Users Warned Over Security Vulnerabilities in SAP NetWeaver AS Java

ERPScan, an enterprise software security specialist, has warned about two new security vulnerabilities in SAP CRM that could be used to compromise customer data. Although SAP fixed the flaws in February this year, it has been warned that some 500 servers connected to the internet have not yet been patched and could be vulnerable to cybercrime. The two security issues were rated 6.3 and 7.7 respectively on the CVSS v3 base score.
