The Multi-State Information Sharing and Analysis Center (MS-ISAC) – a WaterISAC partner – has published an advisory on a vulnerability in PHP, a programming language originally designed for use in web-based applications with HTML content. According to MS-ISAC, this vulnerability could allow an attacker to execute arbitrary code. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploitation could result in a denial-of-service condition. MS-ISAC’s advisory contains a list of recommended actions for mitigating this vulnerability. Read the advisory at MS-ISAC.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!