G DATA Blog – Hintertür zum Herzen
G DATA Blog – Hintertür zum Herzen Was als Überschrift vielleicht harmlos und romantisch klingt, ist in Wirklichkeit eine ernste und gefährliche Sache. Tim Berghoff von unserem Security-Partner G DATA berichtet in seinem Blog-Eintrag von Sicherheitslücken bei einem amerikanischen Herzschrittmacher mit internem Defibrilator. Das Gerät hat eine Online-Anbindung mittels Funksender. Eigentlich dafür gedacht, die Funktionen […]
Cisco PSIRT – Mitigating and Detecting Potential Abuse of Cisco Smart Install Feature
By Michael Schueler Cisco PSIRT has become aware of attackers potentially abusing the Smart Install (SMI) feature in Cisco IOS and IOS XE Software. While this is not considered a vulnerability, PSIRT published a Cisco Security Response on February 14, 2017 to inform customers about possible abuse of the Smart Install feature if it remains […]
Cisco PSIRT – Mitigating and Detecting Potential Abuse of Cisco Smart Install Feature
By Michael Schueler Cisco PSIRT has become aware of attackers potentially abusing the Smart Install (SMI) feature in Cisco IOS and IOS XE Software. While this is not considered a vulnerability, PSIRT published a Cisco Security Response on February 14, 2017 to inform customers about possible abuse of the Smart Install feature if it remains […]
Cisco Coverage for Smart Install Client Protocol Abuse
By Talos Group Summary Talos has become aware of active scanning against customer infrastructure with the intent of finding Cisco Smart Install clients. Cisco Smart Install is one component of the Cisco Smart Operations solution that facilitates the management of LAN switches. Research has indicated that malicious actors may be leveraging detailed knowledge of the […]
Cisco Coverage for Smart Install Client Protocol Abuse
By Talos Group Summary Talos has become aware of active scanning against customer infrastructure with the intent of finding Cisco Smart Install clients. Cisco Smart Install is one component of the Cisco Smart Operations solution that facilitates the management of LAN switches. Research has indicated that malicious actors may be leveraging detailed knowledge of the […]
Vulnerability Spotlight: Multiple remote code execution vulnerabilities in Iceni Argus PDF Content Extraction affect MarkLogic
By Talos Group Overview Talos has discovered multiple vulnerabilities in Iceni Argus PDF content extraction product. Exploiting these vulnerabilities can allow an attacker to gain full control over the victim’s machine. Although the main product is deprecated by Iceni, the library is still supported. Iceni has released a patched version that addresses these vulnerabilities. Nevertheless, […]
Vulnerability Spotlight: Multiple remote code execution vulnerabilities in Iceni Argus PDF Content Extraction affect MarkLogic
By Talos Group Overview Talos has discovered multiple vulnerabilities in Iceni Argus PDF content extraction product. Exploiting these vulnerabilities can allow an attacker to gain full control over the victim’s machine. Although the main product is deprecated by Iceni, the library is still supported. Iceni has released a patched version that addresses these vulnerabilities. Nevertheless, […]