Vulnerabilities in Popular Open Source Management Tool Expose Hospitals to Attacks

From securityweek.com

A dozen vulnerabilities have been found in OpenClinic GA, a popular open source hospital management system, including flaws that can be exploited to access sensitive information or install malware on the hosting server.

OpenClinic GA is described as an “integrated hospital information management system covering management of administrative, financial, clinical, lab, x-ray, pharmacy, meals distribution and other data.” The product is used worldwide and it has been downloaded nearly 120,000 times from SourceForge.

Popular home routers plagued by critical security flaws

From welivesecurity.com

A recent study of more than 100 consumer-grade routers from seven, mostly large vendors has found that nearly all tested routers are affected by scores of unpatched and often severe security flaws that leave the devices – and their users – at risk of cyberattacks.

“[T]here is not a single device without known critical vulnerabilities,” says the damning study, called Home Router Security Report 2020. It was conducted by Germany’s Fraunhofer Institute for Communication, Information Processing and Ergonomics (FKIE) and looked at 127 router models from ASUS, AVM, D-Link, Linksys, Netgear, TP-Link and Zyxel.

“Many routers are affected by hundreds of known vulnerabilities. Even if the routers got recent updates, many of these known vulnerabilities were not fixed. What makes matters even worse is that exploit mitigation techniques are used rarely,” said the researchers, who tallied the average length of time since the latest update at 378 days. A total of 46 routers did not receive any security update within the last year.

BYOD adoption is growing rapidly, but security is lagging

From helpnetsecurity.com

In a survey by Bitglass, 69% of respondents said that employees at their companies are allowed to use personal devices to perform their work, while some enable BYOD for contractors, partners, customers, and suppliers.

While the use of personal devices in the work environment is growing rapidly, many are unprepared to balance security with productivity. When asked for their main BYOD security concerns, 63% of respondents said data leakage, 53% said unauthorized access to data and systems, and 52% said malware infections.

HawkScan: Security Tool for Reconnaissance and Information Gathering on a website

From github.com

Security tool for reconnaissance and information gathering on a website. (Python 2.x & 3.x)

This script uses “WafW00f” to detect the WAF in the first step (https://github.com/EnableSecurity/wafw00f)

This script uses “Sublist3r” to scan subdomains (https://github.com/aboul3la/Sublist3r)

This script uses “waybacktool” to check the Wayback Machine (https://github.com/Rhynorater/waybacktool)
