The US government has warned of a critical flaw in Palo Alto Networks equipment that could enable attackers to take over its devices with minimal skill.The warning, issued by US Cyber Command, urged people to patch all devices affected by the vulnerability immediately. It said that foreign advanced persistent threat actors will attempt to exploit it soon.Ple

--------------------------------------------------------------openSIS <= 7.4 (Bottom.php) Local File Inclusion Vulnerability--------------------------------------------------------------[-] Software Link:https://opensis.com/[-] Affected Versions:Version 7.4 and prior versions.[-] Vulnerability Description:The vulnerable code is located in the /Bottom.php

Do you think you have found a vulnerability in the Sony PlayStation 4 or the PlayStation Network?If so, you could be heading towards a sizeable sum of money. That’s because Sony announced details of a new bug bounty program that it is running in co-ordination with vulnerability-reporting platform HackerOne.Sony is inviting security researchers, gamers

byPaul DucklinThe latest security patches from NVIDIA, the maker of high-end graphics cards, are out.Both Windows and Linux are affected.NVIDIA hasn’t yet given out any real details about the bugs, but 12 different CVE-tagged flaws have been fixed, numbered sequentially from CVE-2020-5962 to CVE-2020-5973.As far as we can tell, none of the bugs can be

Tripwire’s June 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, BIND and Oracle.Up first on the Patch Priority Index this month are patches for Microsoft, BIND and Oracle for vulnerabilities that have been integrated into various Exploits. Metasploit has recently added exploits for BIND (CVE-2020-8617), Oracle

A stored cross-site scripting (XSS) vulnerability in OSIsoft PI System, a product often present in critical infrastructure facilities, can be exploited for phishing, privilege escalation and other purposes.OSIsoft PI System is a data management platform that delivers plant monitoring and analysis capabilities. According to the vendor’s website, PI System has

AMD last week said it was preparing patches for a vulnerability affecting the System Management Mode (SMM) of the Unified Extensible Firmware Interface (UEFI) shipped with systems that use certain notebook and embedded processors.Discovered by security researcher Danny Odler in AMD’s Mini PC and tracked as CVE-2020-12890, the vulnerability is one of the thre

Drupal released security updates to patch several security issues, including a flaw that could allow an attacker to execute arbitrary PHP code. Drupal released security updates to address multiple security vulnerabilities, including a “critical” flaw tracked as CVE-2020-13664 that could be exploited by an attacker to execute arbitrary PHP code

byPaul DucklinIntel is adding two new exploit detection systems into its forthcoming processors.The new technology has been at least four years in the making, according the chip giant’s recently updated specification document, which contains a “version 1.0” release date of June 2016.Intel’s PR machine has been making waves about the s

In 2019, the State of Security published its most recent list of essential bug bounty frameworks. Numerous organizations and government entities have launched their own vulnerability reward programs (VRPs) since then. COVID-19 has changed the digital security landscape, as well. With that in mind, it’s time for an updated list.Here are 10 essential bug bount

A potentially serious denial-of-service (DoS) vulnerability affecting some Mitsubishi Electric automation controllers can allow hackers to disrupt the production process in an industrial organization, experts have warned.The flaw, discovered by a researcher at industrial cybersecurity firm SCADAfence and reported to Mitsubishi in late February, was described

A vuln in the GTP protocol could allow DoS, fraud, and data theft attacks against cellular networks from virtually anywhere.A protocol that allows millions of customers to use their mobile phones for data applications can also allow criminals to launch denial-of-service (DoS), user impersonation, and fraud cyberattacks. And according to a new report, the pro

Remember Spectre and Meltdown? Back in early 2018, I wrote: Spectre and Meltdown are pretty catastrophic vulnerabilities, but they only affect the confidentiality of data. Now that they -- and the research into the Intel ME vulnerability -- have shown researchers where to look, more is coming -- and what they'll find will be worse than either Spectre or Mel

Cisco’s Talos threat intelligence and research group has released information on a recently addressed vulnerability in Firefox that could be exploited for code execution.Tracked as CVE-2020-12405 and featuring a CVSS score of 8.8, the issue was one of five high-severity bugs that were patched earlier this month with the release of Firefox 77. Tor Browser 9.5

One of the vulnerabilities that Microsoft addressed on June 2020 Patch Tuesday is a Server Message Block (SMB) protocol bug that could allow an attacker to leak kernel memory remotely, without authentication.Called SMBleed and tracked as CVE-2020-1206, the vulnerability could be chained with SMBGhost (CVE-2020-0796), a flaw addressed in March 2020, to achiev