Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via the web management interface.
Monthly Archives: August 2016
CVE-2016-5671
Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron Electronics DM-TXRX-100-STR devices with firmware through 1.3039.00040 allow remote attackers to hijack the authentication of arbitrary users.
Cybersecurity Tips for the Rio Olympics
Original release date: August 02, 2016
As the 2016 Olympic Games begin in Rio de Janeiro, US-CERT reminds travelers to be aware of cybersecurity risks. At high-profile events, hacktivists may take advantage of the large audience to spread their message. Cyber criminals may attempt to steal personally identifiable information or harvest users’ credentials for financial gain. There’s also the possibility that mobile or other communications will be monitored.
US-CERT encourages users to protect themselves against these risks, especially risks associated with portable devices such as smart phones and tablets. Following the security practices suggested in the documents listed below will help travelers stay more secure in Rio and other travel destinations:
- US-CERT Security Tip ST13-002: International Mobile Safety Tips
- US-CERT Security Tip ST05-017: Cybersecurity for Electronic Devices
- Stop.Think.Connect. Tip Card: Cybersecurity While Traveling
- Stop.Think.Connect. Tip Card: Mobile Security
DSA-3638 curl – security update
Several vulnerabilities were discovered in cURL, a URL transfer library:
DSA-3639 wordpress – security update
Several vulnerabilities were discovered in wordpress, a web blogging tool, which could allow remote attackers to compromise a site via cross-site scripting, bypass restrictions, obtain sensitive revision-history information, or mount a denial of service.
DSA-3640 firefox-esr – security update
Multiple security issues have been found in the Mozilla Firefox web browser: multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code, cross-site scripting, information disclosure and bypass of the same-origin policy.
Vuln: OpenSSL DROWN Attack CVE-2016-0800 Security Bypass Vulnerability
Vuln: ImageMagick 'MagickCore/enhance.c' Remote Buffer Overflow Vulnerability
Vuln: Google Chrome Prior to 52.0.2743.82 Multiple Security Vulnerabilities
Polycom Command Shell Authorization Bypass
The login component of the Polycom Command Shell on Polycom HDX video endpoints, running software versions 3.0.5 and earlier, is vulnerable to an authorization bypass when simultaneous connections are made to the service, allowing remote network attackers to gain access to a sandboxed telnet prompt without authentication. Versions prior to 3.0.4 additionally contain an OS command injection in the ping command, which can be used to execute arbitrary commands as root.