Posted by ERPScan inc on Jun 21
Application: SAP NetWeaver AS JAVA
Versions Affected: SAP NetWeaver AS JAVA 7.1 – 7.5
Vendor URL: http://SAP.com
Bugs: XSS
Sent: 29.09.2015
Reported: 30.09.2015
Vendor response: 30.09.2015
Date of Public Advisory: 08.03.2016
Reference: SAP Security Note 2238765
Author: Vahagn Vardanyan (ERPScan)
Description
1. ADVISORY INFORMATION
Title: [ERPSCAN-16-015] SAP NetWeaver Java AS – multiple XSS vulnerabilities
Advisory ID:…
Posted by Sysdream Labs on Jun 21
# Several Vulnerabilities founded in Horsys V8
Horsys is a human resource appliation, allowing the user to manage his profile, vacation, position title and other
personnal data like address, phone number and so on.
The application runs on Windows and launches a web server. This product has been developped by Asys company.
We found that it is vulnerable to several vulnerabilities, which can lead to personal information leakage or account…
Original release date: June 21, 2016
Apple has released a security update to address a vulnerability in AirPort Base Station (Wi-Fi enabled devices). Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.
Users and administrators are encouraged to review the Apple security page for AirPort Base Station and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Acer has experienced a major data breach, with up to 34,500 of its customers thought to be affected. It has already submitted a “breach notification sample” to the Office of the Attorney General in California.
The post Acer experiences major data breach appeared first on We Live Security.
ESET’s Josep Albors takes a look at the main reasons for corporate data loss, which include undetected drives and devices being dropped from height.
The post The 5 most common reasons for corporate data loss appeared first on We Live Security.
The same group of teenage hackers that hacked Facebook CEO Mark Zuckerberg’s Twitter and Pinterest accounts have hacked another the Twitter account of another high-profile person.
This time, it’s Twitter’s ex-CEO, Dick Costolo.
The hacker group from Saudi Arabia, dubbed OurMine, compromised Twitter account of former Twitter CEO on Sunday and managed to post three tweets on Costolo’s Twitter
If you’re waiting for a friend, a colleague or even a doctor’s appointment, how long do you think it takes before you check your phone – two minutes? Three?
Apple Security Advisory 2016-06-20-1 – AirPort Base Station Firmware Update 7.6.7 and 7.7.7 is now available and addresses an arbitrary code execution vulnerability.
Web browsers are full of dangerous options that nobody uses. Most computers come with pre-loaded web browsers like Microsoft Internet Explorer, Mozilla Firefox, and Apple Safari, but these default web browsers are not configured for secure web browsing.
Anytime users are surfing the web, there can be a “variety of computer problems caused by anything from spyware being installed without your knowledge to intruders taking control of your computer”, as stated on the US-Cert website.
What may seem like a cool option for your Web Browser, could actually be a gateway for cyber-attackers that goes unseen to the average computer user. Sometimes “less is more”, and when it comes to computer security, the less entry-points a cyber-criminal has, the less we have to worry about defending ourselves.
There needs to be a complex balance between having freedom to use new technology functionalities, like web browser options, while at the same time, keeping the door shut to cyber-criminals.
But why download options if they are pointless? 83% of the latest browser functionalities are completely unnecessary, as revealed in a study from the University of Illinois. In fact, only 1% of the 10,000 most popular web pages use these features in some way, many of which do not even prove that they are useful.
83% of the latest browser functionalities are completely unnecessary.
A good example of this are the Ambient Light Events (ALS) that are designed so that websites perform differently depending on the levels of light that surround the device, and adapt the computer brightness to it. Although it sounds helpful, only 14 of the 10,000 websites that were cited in the study implement this and very few users are even aware that it exists.
Iframes is another story. It has become a very popular HTML element that is used in many different types of websites; interactive spaces on a web page allow users to insert part of another page onto their website (this is known as embedding). At least half of the most popular websites use this technology, and yet it is blocked 77% of the time due to security reasons. In 2013, hackers “seeded Internet searches with malicious iframe code, leading to iframe overlay attacks on many prominent networks.” The majority of social networks have stopped using this program.
Something else that has caught our attention is vibrate API, which enables websites to manage features on devices… if they decided to use them. Today, only 1 out of the 10,000 most popular websites does this, but still, the features remain available, not only for legitimate developers but also for potential attackers who could use it for their own benefit, for example to spy your conversations (like they did here).
A cybercriminal could use the vibration of your Smartphone to spy your conversations
The difficult balance of taking advantage of available options while maintaining security seems is difficult to have, at least in regard to the browsers. To be protected, users better have a good anti-virus that is capable of stopping assailants if they get through these online-cracks.
The post If You Add Extras to Your Web Browser = Extra Danger for You appeared first on Panda Security Mediacenter.
From: Apple Product Security
Reply to list
APPLE-SA-2016-06-20-1 AirPort Base Station Firmware Update 7.6.7 and 7.7.7 AirPort Base Station Firmware Update 7.6.7 and 7.7.7 is now available and addresses the following: AirPort Base Station Firmware Available for: AirPort Express, AirPort Extreme and AirPort [...]
