Time-based SQL Injection in Admin panel ImpressCMS <= v1.3.9

Posted by Manuel Garcia Cardenas on Apr 21

=============================================
MGC ALERT 2016-002
– Original release date: April 8, 2016
– Last revised: April 21, 2016
– Discovered by: Manuel García Cárdenas
– Severity: 7,1/10 (CVSS Base Score)
=============================================

I. VULNERABILITY
————————-
Time-based SQL Injection in Admin panel ImpressCMS <= v1.3.9

II. BACKGROUND
————————-
ImpressCMS is a community developed…

WordPress iThemes Security (Better WP Security) Insecure Backup/Logfile Generation (access rights)

Posted by Sysdream Labs on Apr 21

WordPress iThemes Security (Better WP Security) Insecure Backup/Logfile Generation (access rights)
==================================================================================================

Description
===========

A vulnerability has been found in the iThemes Security backup function that may allow attackers to gain access to
backup/log files.

By default, when using the “database backup on filesystem” feature, iThemes Security…

WordPress iThemes Security (Better WP Security) Insecure Backup/Logfile Generation (predictable filename)

Posted by Sysdream Labs on Apr 21

WordPress iThemes Security (Better WP Security) Insecure Backup/Logfile Generation (predictable filename)
=========================================================================================================

Description
===========

When using the “database backup/logging on filesystem” feature, iThemes Security generates a weak, predictable filename, allowing
attackers to obtain the backup/log file if they know when the backup/log file was…

CVE-2016-3074: libgd: signedness vulnerability

Posted by Hans Jerry Illikainen on Apr 21

Overview
========

libgd [1] is an open-source image library. It is perhaps primarily used
by the PHP project. It has been bundled with the default installation
of PHP since version 4.3 [2].

A signedness vulnerability (CVE-2016-3074) exists in libgd 2.1.1 which
may result in a heap overflow when processing compressed gd2 data.

Details
=======

Four bytes representing the chunk index size are stored in a signed integer,
chunkIdx[i].size, by…

Getting to know you: Avast Reader Survey

Today is National Get to Know Your Customers Day, so we want to get to know our readers better!

Please answer the 10 questions in this survey to help us understand what kind of security-related articles and social posts are important to you. Or maybe you prefer videos? Podcasts, perhaps? That’s the kind of thing we want to know, because we write these articles for YOU!

The survey should only take a few minutes of your time. It consists of nine questions plus an optional bonus question at the end. What’s more, you can take part in the survey for a chance to win a free license for Avast SecureLine VPN!

Click Read More to see the survey, or take the survey here. Thank you!

Encrypted Smartphone Network Seized by Dutch Police for Criminal Investigation

On Tuesday, the Dutch Police arrested a 36-year-old man, Danny Manupassa, on suspicion of money laundering and involvement in selling encrypted smartphones to criminals.

Manupassa owns a company called Ennetcom, which provides customized BlackBerry phones on a secure PGP-encrypted network.

Reportedly, Ennetcom sold nearly 19,000 encrypted cell phones at 1500 euros each in the last few years.