Welcome to Smokey's Security Forums.
As a guest you only have limited access to the board and it's features, please consider registering to gain full access!
Registration is free and it only takes a few moments to complete.

Smokeys Pc Help & Security Forums

Please login or register.

Login with username, password and session length
Advanced search  

News:

Google: Our brilliant Spectre fix dodges performance hit, so you should all use it

Google wants the whole industry to adopt its Retpoline fixes for Variant 2 of the Meltdown-Spectre bugs.
That fix, called Retpoline, addresses Variant 2 of the two Spectre CPU attacks called 'branch target injection'.
Variant 2 is considered by Microsoft and Google to be the trickiest speculative execution vulnerability to fix as it's the only one that does cause a significant hit on CPU performance.

Google: Our brilliant Spectre fix dodges performance hit, so you should all use it

Malware Log Analysis & Removal Help * Ransomware Encryption & Decrytion Techniques * Official Jetico Inc. Support Forums

Share this topic on FacebookShare this topic on MySpaceShare this topic on RedditShare this topic on TwitterAuthorTopic: Unpatched vulnerability puts Ubiquiti networking products at risk  (Read 27 times)

0 Members and 1 Guest are viewing this topic.

ScarlettTopic starter

  • Updates Moderator
  • *
  • Offline Offline
  • location: Cymru
  • Posts: 22756
Unpatched vulnerability puts Ubiquiti networking products at risk
16 March 2017, 9:18 pm



An unpatched command injection vulnerability could allow hackers to take over enterprise networking products from Ubiquiti Networks.

The vulnerability was discovered by researchers from SEC Consult and allows authenticated users to inject arbitrary commands into the web-based administration interface of affected devices. These commands would be executed on the underlying operating system as root, the highest privileged account.

Because it requires authentication, the vulnerability's impact is somewhat reduced, but it can still be exploited remotely through cross-site request forgery (CSRF). This is an attack technique that involves forcing a user's browser to send unauthorized requests to specifically crafted URLs in the background when they visit attacker-controlled websites.

To read this article in full or to leave a comment, please click here



Source: Network World Security

>> To obtain the full NetworkWorld Security article, click the link in the first post line <<
 

* Permissions
You can't post new topics.
You can't post replies.
You can't post attachments.
You can't modify your posts.
BBCode Enabled
Smilies Enabled
[img] Enabled
HTML Disabled


Except where otherwise stated, all content, graphics, banners and images included © 2006 - 2018 Smokey Services™ -- All rights reserved

Design board graphics by PseFrank & DSTM

This site does not store profiling-, tracking-, third-party and/or any other non-essential cookie(s) on client computers and is fully compliant with the EU ePrivacy Directive
Smokey's does not use any Web Analytics/Analysis Service, and also does not use any browser fingerprinting techniques

    

  

Smokey's also provides free fully qualified FRST (Farbar Recovery Scan Tool) Log / Malware Analysis & Removal Help and System Health Checks
rifle
rifle
rifle
rifle