September 4, Securityweek – (International) Cisco patches flaw in data center management products. Cisco released software updates addressing a remotely exploitable JavaServer Pages (JSP) vulnerability in the company’s UCS Director and Integrated Management Controller (IMC) Supervisor products which could allow an unauthenticated attacker to use specially crafted HyperText Transfer Protocol (HTTP) requests to overwrite arbitrary files, resulting in instability or a denial-of-service (DoS) condition. Source
September 4, Securityweek – (International) Flaws in OrientDB expose databases to remote attacks. The Computer Emergency Readiness Team (CERT) published an advisory warning of three vulnerabilities in OrientDB’s Community Edition, including a cross-site request forgery (CSRF) issue affecting the Web administration interface through which an attacker could perform actions with the privileges of a logged-in user, an insufficient random value issue that could allow an attacker to gain administrative privileges to the database, and an improper input validation issue that could allow an attacker to create specially crafted pages to launch clickjacking attacks. Source
September 4, Softpedia – (International) FortiClient antivirus fixes system-level privilege escalation bug. FortiClient antivirus client developers released an update addressing a privilege escalation bug in the software that could have allowed an attacker who had previously infected the system to gain unauthorized access to system-level privileges. Source
September 4, SC Magazine – (National) Encrypted medical databases shown to leak information. Researchers from Microsoft reported findings revealing that databases used to store electronic medical records are prone to information leakage despite being encrypted, and that they were able to recover data such as sex, race, age, and admission information from real patient records from 200 hospitals in the U.S. via frequency analysis, lp-optimization, and sorting and cumulative attacks. Source