CVE-2016-7572

The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for “Export configuration” permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors.

Onapsis Security Advisory ONAPSIS-2016-036: SAP Security Audit Log invalid address logging

Posted by Onapsis Research on Oct 03

1. Impact on Business
=====================
By exploiting this vulnerability an attacker could tamper with the audit logs, hiding his trail after an attack on a SAP
system.

Risk Level: High

2. Advisory Information
=======================
- Public Release Date: 09/22/2016
- Last Revised: 09/22/2016
- Security Advisory ID: ONAPSIS-2016-036
- Onapsis SVS ID:…

Source Code for IoT botnet responsible for World's largest DDoS Attack released Online

As the number of Internet of Things (IoT) devices grows rapidly, they have become a much more attractive target for cybercriminals.

Just recently we saw a record-breaking Distributed Denial of Service (DDoS) attack against the France-based hosting provider OVH that reached over one Terabit per second (1 Tbps) and was carried out via a botnet of infected IoT devices.

Now, such attacks are expected