Author Archives: Bill Murphy

CVE-2017-1107

IBM Marketing Platform 9.1.0, 9.1.2, 10.0, and 10.1 exposes sensitive information in the headers that could be used by an authenticated attacker in further attacks against the system. IBM X-Force ID: 120906.

View Full Alert

CVE-2017-8328

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device does not implement any cross site request forgery protection mechanism which allows an attacker to trick a user who is logged in to the web management interface to change a user’s password. Also this is a systemic issue.

View Full Alert

CVE-2012-6711 (bash, enterprise_linux)

A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the "echo -e" built-in function, may use this flaw to crash a script or execute code with the privileges of the bash process. This occurs because ansicstr() in lib/sh/strtrans.c mishandles u32cconv().

View Full Alert

Simplify & Save with Cloud-based IT

Simplify & Save with Cloud-based IT

By moving to cloud-based IT, businesses are enjoying the benefits of simplified deployment, centralized management, improved security, and cost savings – without making big investments up front or having to go it alone.

Cloud-based IT Services save you time and money by…  

  • Consolidating your infrastructure for better performance, reliability, and availability.
  • Automating upgrades of OS, applications, users’ workstations and mobile devices.
  • Streamlining admin tasks; increasing your control over the entire IT environment.
  • Improving IT team and resource productivity.
  • Reducing your hardware, power, and operational costs.

RedZone Makes Cloud IT Happen

Get better performance, security and availability, while simplifying IT management.  Contact us today: (410) 897-9494 | rzsales@redzonetech.net

CVE-2017-10721

Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the device has Telnet functionality enabled by default. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in the medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to video feed and pictures viewed by that user and might allow them to get a foot hold in air gapped networks especially in case of nation critical infrastructure/industries.

View Full Alert