#!/usr/bin/env python## Unauthenticated Remote Root Exploit in Optergy BMS (Console Backdoor)## Affected version <=2.0.3a (Proton and Enterprise)# Discovered by Gjoko 'LiquidWorm' Krstic## CVE: CVE-2019-7276# Advisory: https://applied-risk.com/resources/ar-2019-008#################################################################################

#!/usr/bin/env python# -*- coding: utf8 -*-## Prima FlexAir Access Control 2.3.35 Database Backup Predictable Name Exploit# Authentication Bypass (Login with MD5 hash)## CVE: CVE-2019-7666, CVE-2019-7667# Advisory: https://applied-risk.com/resources/ar-2019-007# Paper: https://applied-risk.com/resources/i-own-your-building-management-system## Discovered by G

Australia announced measures to combat foreign interference at its universities Thursday, setting new guidelines around the key areas of research collaboration, cybersecurity, and international partnerships.There has been growing concern about China's clout on campuses following a series of hacks, controversial donations and incidents of political intimidati

American not-for-profit organization MITRE Corporation has announced the launch of a tech foundation focused on strengthening critical infrastructure through partnerships with the private sector.Called Engenuity, the foundation is a distinct, non-profit company that has its own board of directors and separate private funding.Through Engenuity, MITRE hopes to

Technologists and policymakers largely inhabit two separate worlds. It's an old problem, one that the British scientist CP Snow identified in a 1959 essay entitled The Two Cultures. He called them sciences and humanities, and pointed to the split as a major hindrance to solving the world's problems. The essay was influential -- but 60 years later, nothing ha

Authored by Dr Sandra Bell, Head of Resilience Consulting EMEA, Sungard Availability Services PDF edition of this articleThe 2019 National Cyber Security Centre’s (NCSC) Annual Review does not shy away from naming the four key protagonists when it comes to state-based cyber threats against our country. The review sites China, Russia, North Korea and Ir

Security researchers are warning oil and aviation industry organizations to be on their guard after spotting a notorious Iranian APT group using private VPNs to keep its activity hidden.APT33 has been linked to the infamous Shamoon destructive malware which knocked out tens of thousands of PCs at Saudi Aramco in 2012 and has been deployed across Europe and t

A Russian national is facing charges of running a $20m carding forum after being extradited from Israel to the US.Aleksei Burkov, 29, arrived at Dulles International Airport on Monday after being arrested initially at Ben-Gurion airport in December 2015, and failing in his appeal attempts over subsequent years to avoid being shipped to the States.Accord

Cyber-criminals are increasingly focusing data stealing and ransomware attacks on healthcare organizations (HCOs), with detected infections increasing by 60% from 2018 to the first three quarters of this year, according to Malwarebytes.The security vendor’s Cybercrime tactics and techniques: the 2019 state of healthcare report makes for concerning read

By Feike Hacquebord, Cedric Pernet, and Kenney Lu The threat group regularly referred to as APT33 is known to target the oil and aviation industries aggressively. This threat group has been reported on consistently for years, but our recent findings show that the group has been using about a dozen live Command and Control (C&C) servers for extremely narr

A vulnerability affecting a powerful and widely used driver from Intel can give malicious actors deep access to a device, firmware security company Eclypsium warns.Eclypsium revealed in August that its researchers had identified serious vulnerabilities in more than 40 device drivers from 20 vendors, including AMI, ASRock, ASUS, ATI, Biostar, EVGA, Getac, Gig

Threat statistics come from a variety of sources: reported incidents, vendor telemetry, internet traffic and dark web analysis. All have value, and all have limitations. Reported incidents form the basis of Verizon's Data Breach Investigations Report (DBIR) -- its limitation is that it cannot account for those incidents that contributors decline to repo

In my previous column, I offered tips on leveraging security metrics in order to stay out of the lion’s den. It goes without saying that it’s always best to avoid the lion’s den whenever possible. In fact, much of the security advice out there is centered around this philosophy.  But what should one do if they have no choice but to put themselves in the

Canada's spy agencies are divided over whether or not to ban Chinese technology giant Huawei from fifth generation (5G) networks over security concerns, the Globe and Mail reported Wednesday.The Canadian Security Intelligence Service (CSIS) and the Communications Security Establishment (CSE) were tasked with conducting a cybersecurity review to evaluate the

Israeli cybersecurity firm Pcysys announced on Wednesday that it has completed a $10 million Series A funding round, which brings the total raised by the company to $15 million. Pcysys, an acronym for "Proactive Cyber Systems", offers an automated penetration testing platform that uses algorithms to scan and “ethically penetrate” corporate networks usin