The secure messaging app used by staffers in the White House and on Capitol Hill is not as secure as the company claims.
Confide, the secure messaging app reportedly employed by President Donald Trump’s aides to speak to each other in secret, promises “military-grade end-to-end encryption” to its users and claims that nobody can intercept and read chats that disappear after they are read.
According a new Kaspersky Lab report from the Financial Institutions Security Risks survey, financial customers are playing an important role in highlighting security incidents, with nearly one in four (24%) financial institutions claiming that some of the threats they faced in 2016 were identified and reported to them by a customer.
ESET’s Lysa Myers looks at the shortage of qualified information security talent to fill positions, discussing ways in which to plug the infosec talent gap.
The post Ways in which to plug the infosec talent gap appeared first on WeLiveSecurity
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: subscriber_email.
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: filter_list.
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: member_id.
Buffer overflows in networkmap in ASUS ASUSWRT on RT-AC53 3.0.0.4.380.6038 devices allow remote attackers to execute arbitrary code on the router via a long host or port in crafted multicast messages.
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=misc&action=[XSS]&editObjId=[XSS] attack.
Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 devices have an insufficiently large default value for the maximum IPv6 routing table size: it can be filled within minutes. An attacker can exploit this issue to render the affected system unresponsive, resulting in a denial-of-service condition for telephone, Internet, and TV services.
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action=[XSS] attack.