Security Advisories

  • 2018-028: BLEEDINGBIT - Vulnerabilities Affecting Enterprise WiFi Devices

    Monday, November 05, 2018 04:43:00 PM CET

    Security researchers disclosed details about two critical vulnerabilities related to the use of BLE (Bluetooth Low Energy) chips made by Texas Instruments (TI). The vulnerable BLE chips are embedded in WiFi network equipment from Cisco, Meraki and Aruba Networks. Dubbed BleedingBit, the two vulnerabilities could allow remote attackers to execute arbitrary code and take full control of vulnerable devices without authentication.

  • 2018-027: Multiple Vulnerabilities in Oracle Products

    Friday, October 19, 2018 03:37:00 PM CEST

    On 16th of October 2018, Oracle released a critical patch bundle that addresses several security vulnerabilities. The patch contains 301 new fixes since the last patch. The addressed vulnerabilities affect many Oracle products, including Oracle Database, Oracle Communications, Enterprise Manager, Fusion Middleware, Java, MySQL, Retail Applications, PeopleSoft, and others.

  • 2018-026: Vulnerabilities in PHP

    Tuesday, October 16, 2018 02:09:00 PM CEST

    On 11th of October 2018, several vulnerabilities were fixed in PHP, a programming language designed for web applications. According to the Center for Internet Security, these vulnerabilities allow an adversary to perform arbitrary code execution and/or denial-of-service (DoS) attacks.

  • 2018-025: Cisco Webex Player Remote Code Execution Vulnerabilities

    Friday, September 21, 2018 10:46:00 AM CEST

    On 19th of September 2018, Cisco published a security advisory concerning Remote Code Execution Vulnerabilities. These vulnerabilities allow an unauthenticated remote attacker to execute arbitrary code on an affected device. The vulnerabilities are due to improper validation of Webex recording files. An attacker could exploit these vulnerabilities by sending a user an e-mail with a link or attachment containing a malicious file and persuading the user to open the file in the Cisco Webex Player. A successful exploit could allow the attacker to execute arbitrary code on an affected system. Cisco has released software updates that address these vulnerabilities.

  • 2018-024: Windows Task Scheduler – Privileges Escalation Vulnerability

    Thursday, August 30, 2018 10:51:00 AM CEST

    On August 27th, a tweet from a researcher using the nickname SandboxEscaper announced an unpatched local privilege escalation vulnerability in Windows. The flaw affects the way Task Scheduler uses Advanced Local Procedure Call (ALPC) to read and set permissions. This allows a user with read access to an object to change their rights on it. Eventually, this vulnerability allows a user to run code with SYSTEM privileges. Note that a PoC has already been published on the Internet and no patch is available yet.

  • 2018-023: Major Vulnerability in Ghostscript

    Friday, August 24, 2018 03:46:00 PM CEST

    Ghostscript -- an interpreter for PostScript and PDF -- is affected by a major vulnerability. There is currently no patch available, but some workarounds are possible.

  • 2018-022: Apache Struts -- Critical Remote Code Execution Vulnerability

    Thursday, August 23, 2018 04:57:00 PM CEST

    Semmle researchers discovered and disclosed a critical remote code execution vulnerability (CVE-2018-11776) in the Apache Struts web application framework. That flaw could allow remote attackers to run malicious code on the affected servers.

  • 2018-020: Speculative Execution Attack on Intel Processors

    Friday, August 17, 2018 10:04:00 AM CEST

    In January 2018, two separate teams discovered flaws in Intel processors allowing speculative execution attacks and notified Intel of their research. On 14th of August 2018, the vulnerabilities were disclosed publicly under the name Foreshadow. Based on the provided technical details, Intel investigated further and identified two other attack channels with the potential to impact additional microprocessors, operating systems, system management mode, and virtualization software.

  • 2018-021: Critical Vulnerabilities in Adobe Acrobat and Reader

    Thursday, August 16, 2018 04:35:00 PM CEST

    On 14th of August 2018, Adobe released a security bulletin addressing two critical vulnerabilities affecting Adobe Acrobat and Reader for Windows and MacOS. Successful exploitation could lead to arbitrary code execution in the context of the current user and be used in a phishing campaign. No exploit has been observed yet in the wild.

  • 2018-019: New attack on WPA/WPA2 using PMKID

    Wednesday, August 08, 2018 08:53:00 AM CEST

    On August 4th, the researcher Jens Steube published on his website a new method to obtain a hash that involves the Pre-Shared Key (PSK) of a WiFi access point. Successful exploitation of the technique allows an attacker to retrieve the PSK.

  • 2018-018: WebLogic Vulnerability Exploited In The Wild

    Thursday, July 26, 2018 05:00:00 PM CEST

    Recently Oracle released patches for vulnerability CVE-2018-2893. This vulnerability allows an unauthenticated attacker to compromise Oracle WebLogic Server. Exploits were published on GitHub and on other websites after the announcement of the security updates. There were reported attacks against vulnerable instances.

  • 2018-017: Juniper JunOS Multiple Vulnerabilities

    Friday, July 13, 2018 04:49:00 PM CEST

    On the 12th of July 2018, Juniper released updates to address several vulnerabilities affecting JunOS products. A remote attacker can exploit those vulnerabilities in order to trigger privilege escalation, denial of service, firewall rule bypass, security restriction bypass and sensitive information disclosure on the targeted system. An exploit is available for the privilege escalation vulnerability (CVE-2018-0024).

  • 2018-016: Signature Spoofing Vulnerability in GnuPG

    Friday, June 15, 2018 02:27:00 PM CEST

    On 13th of June 2018, Marcus Brinkmann released technical details concerning a vulnerability impacting GnuPG and most applications based on GnuPG (Enigmail, GPGtools, python-gnupg, etc.) [1]. This vulnerability can be exploited by a remote attacker to spoof signatures in encrypted messages. Security researchers named those vulnerabilities SigSpoof.

    To exploit the vulnerabilities, the verbose option needs to be enabled (via configuration file or via command line parameter). A successful exploitation of the vulnerability allows the attacker to spoof signature verification and message decryption results. Concerning Enigmail, exploitation of the vulnerability does not even need the message to be encrypted (encryption is spoofed as well).

  • 2018-015: Critical Vulnerabilities in Adobe Acrobat, Reader and Photoshop CC

    Tuesday, May 15, 2018 05:26:00 PM CEST

    Adobe has released Adobe Security Bulletins APSB18-09 and APSB18-17 providing security updates for Adobe Acrobat, Reader and Adobe Photoshop CC for Windows and MacOS. These updates address critical and important vulnerabilities whose successful exploitation could lead to arbitrary code execution in the context of the current user.

  • 2018-014: Vulnerabilities in OpenPGP and S/MIME Client Implementations

    Monday, May 14, 2018 05:01:00 PM CEST

    On 14th of May 2018, security researchers released technical details
    concerning vulnerabilities impacting OpenPGP and S/MIME encryption
    technologies. These vulnerabilities abuse e-mail clients rendering HTML
    content when displaying e-mails to exfiltrate plaintext content of
    OpenPGP or S/MIME encrypted email. Security researchers named those
    vulnerabilities EFAIL.

  • 2018-013: Cisco WebEx ARF Remote Code Execution Vulnerabilities

    Thursday, May 03, 2018 12:58:00 PM CEST

    On May 2nd, 2018, Cisco published two advisories for remote code execution vulnerabilities, CVE-2018-0287 (medium) and CVE-2018-0264 (critical), in the various Cisco WebEx Players. The players are used to play back WebEx meeting recordings that have been recorded by an online meeting attendee. The recordings use the Advanced Recording Format (ARF). An attacker could exploit these vulnerabilities by sending a link or an e-mail attachment with a malicious ARF file and persuading the target to open the malicious file. Successful exploitation could allow the attacker to execute arbitrary code on the target system.

  • 2018-012: Drupal Core - Remote Code Execution

    Friday, April 27, 2018 05:24:00 PM CEST

    Drupal is a content management system often used for Enterprise Content Management Projects. A remote code execution vulnerability (CVE-2018-7602) exists within multiple subsystems of Drupal 7.x and 8.x. This allows attackers to exploit multiple attack vectors on a Drupal site, resulting in the site being compromised. This vulnerability is related to Drupal core - highly critical - Remote Code Execution - SA-CORE-2018-002 (CVE-2018-7600). Both SA-CORE-2018-002/CERT-EU-SA2018-008 (CVE-2018-7600) and this vulnerability are being exploited in the wild.

  • 2018-011: Cisco Products Multiple Vulnerabilities

    Thursday, April 19, 2018 04:36:00 PM CEST

    On the 17th and 18th of April 2018, Cisco released several updates to address vulnerabilities affecting multiple products. A remote attacker can exploit these vulnerabilities to trigger cross-site scripting, denial of service, remote code execution, security restriction bypass and sensitive information disclosure on the targeted system.

  • 2018-010: Critical Vulnerability in Sophos Mobile and Sophos Mobile Control

    Tuesday, April 10, 2018 07:46:00 AM CEST

    On 26th of March 2018, Sophos released a security advisory concerning Sophos Mobile and Sophos Mobile Control. This critical vulnerability could allow an unauthenticated user to access the administration console or the self-service portal of Sophos Mobile.

  • 2018-009: UPDATE Cisco Smart Install Protocol Remote Code Execution Vulnerability

    Friday, April 06, 2018 05:10:00 PM CEST

    On 28th of March 2018, Cisco published a security advisory concerning a buffer overflow discovered in the Smart Install feature of Cisco IOS and Cisco IOS XE software. This vulnerability allows an unauthenticated, remote attacker to execute arbitrary code on an affected device. A proof of concept for the vulnerability has been published, and many attacks have already been observed in the wild.

  • 2018-008: Drupal Core – Remote Code Execution

    Friday, March 30, 2018 04:54:00 PM CEST

    The Drupal team announced a security advisory for a vulnerability (CVE-2018-7600) reported by Jasper Mattsson and rated as Highly Critical with a score of 21/25 based on the NIST Common Misuse Scoring System. A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site. Successful exploitation could lead to a potential compromise of the web application and possibly the underlying operating system as well.

  • 2018-007: Unauthorized Personal Data Sharing

    Friday, March 30, 2018 04:49:00 PM CEST

    CERT-EU has recently observed the usage of software tools and components that might lead to unauthorized personal data leakage. These components are often available in the form of browser extensions or plugins, or e-mail client plugins. Examples include: Zoominfo, Data.com, InsideView, NetProspex, DiscoverOrg, or LeadIQ. Depending on the machine configuration and policy, these components may often be installed by the users themselves -- without any need for administrator access. Once installed, these components typically gather contact information (address books, etc.), which is then exfiltrated and shared with third parties. Such indiscriminate sharing of corporate address books and other similar data creates potential issues under the new European GDPR directive, and hence should be avoided.

  • 2018-006: Remote Code Execution Vulnerability in Exim

    Wednesday, March 07, 2018 03:07:00 PM CET

    On February 05, 2018, Devcore Security Consulting discovered a buffer overflow vulnerability in the base64 decode function of the Exim message transfer agent. On March 06, 2018, Exim released a security advisory about the issue, confirming potential remote code execution that could be triggered by sending a handcrafted message. The issue has been fixed in version 4.90.1 of Exim and no alternative mitigation is known.

  • 2018-005: UPDATE Critical Vulnerability in Adobe Flash Player

    Tuesday, February 06, 2018 04:50:00 PM CET

    On January 31, 2018, KrCERT/CC released a security alert regarding a vulnerability in Adobe Flash Player. Regarding this issue, Adobe Systems has also released a security advisory about the vulnerability (CVE-2018-4878). According to Adobe, the vulnerability is being exploited in the wild. As of February 6th, 2017 a patch from Adobe is available.

  • 2018-004: UPDATE Critical Vulnerability in Cisco Adaptive Security Appliance

    Wednesday, January 31, 2018 12:35:00 PM CET

    On the 29th of January 2018, Cisco published a security advisory for a remote code execution and denial of service vulnerability affecting Cisco Adaptive Security Appliance (ASA). The vulnerability is located in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software and could allow an unauthenticated, remote attacker to cause a reboot of the affected system or to remotely execute code. On the 5th of February 2018, Cisco updated the advisory after identifying additional attack vectors and releasing new patches.

  • 2018-003: Critical Vulnerability in Electron on Windows

    Monday, January 29, 2018 03:57:00 PM CET

    On the 22nd of January 2018, GitHub published a fix for a remote code execution vulnerability affecting Electron applications that use custom protocol handlers. An attacker could exploit the vulnerability by providing the victim with a specially crafted link calling the custom protocol handler. The vulnerability affects - among others - applications such as Skype, Slack, etc.

  • 2018-002: INTEL AMT Security Issue

    Friday, January 12, 2018 04:33:00 PM CET

    On January 12th 2018, F-Secure reported a security issue affecting laptops supporting Intel’s Active Management Technology (AMT). The issue allows an attacker with physical access to the laptop to bypass the need to enter credentials, including BIOS and BitLocker passwords and TPM PINs, and to gain remote access for later exploitation.

  • 2018-001: UPDATE Meltdown and Spectre Critical Vulnerabilities

    Thursday, January 11, 2018 10:39:00 AM CET

    Design flaws in modern computer processors allow programs to steal data processed on the computer. The hardware design deficiencies led to the development of two attack scenarios: Meltdown, which melts security boundaries normally enforced by the processor's hardware, and Spectre, which abuses speculative execution leading to information disclosure.
