As part of our research into threats facing the marine and offshore sector, we recently uncovered an ongoing malware campaign. It makes use of specific maritime industry related document lures, and attempts to [...]
The OpenConnect VPN client, on all supported platforms, suffered from a possible information leak that could result in an attacker with elevated local privileges obtaining plaintext credentials. This VPN security vulnerability has now [...]
A SQL injection vulnerability has been discovered in SolarWinds’ Network Performance Monitor (NPM). This vulnerability has been designated CVE-2018-13442. SolarWinds NPM is one of the most widely used network monitoring tools available in [...]
Affected Software: IPConfigure Orchid Core VMS (All versions < 2.0.6, tested on Linux and Windows) Vulnerability: Unauthenticated Privileged Directory Traversal CVE: CVE-2018-10956 Impact: Arbitrary File Read Access Metasploit module: https://github.com/nettitude/metasploit-modules/blob/master/orchid_core_vms_directory_traversal.rb Summary of Vulnerability IPConfigure Orchid Core VMS [...]