A cross site request forgery vulnerability in GoDaddy domain settings has been patched two days after it was reported to the domain registrar.
Tag Archives: Web Security
Report: Companies Still Not Patching Security Vulnerabilities
The Cisco 2015 Annual Security report shows that CISOs and other security personnel are confident about their strategies despite that they are not patching.
Patched API Flaw Allowed Anyone Access to Verizon Email Accounts
Verizon patched a vulnerability in an API used by its My FiOS mobile application that allowed any user access to any Verizon email account.
Root Password Found in Ceragon Microwave Bridges
An undocumented default root password was discovered in Ceragon Networks microwave bridges that facilitate wireless voice and data services.
Potential Code Execution Flaw Haunts PolarSSL Library
There is a vulnerability in PolarSSL, an open-source SSL library used in a variety of products, that could enable an attacker to execute arbitrary code under some circumstances. The vulnerability is the result of an uninitialized pointer in the PolarSSL code and researchers said that an attacker with knowledge of the target system may be […]
Memory Corruption Bugs Found in VLC Media Player
There are two memory corruption vulnerabilities in some versions of the VLC open-source media player that can allow an attacker to run arbitrary code on vulnerable machines. Neither one of the vulnerabilities has been fixed by VideoLAN, the organization that maintains VLC. Security researcher Veysel Hatas reported the vulnerabilities to VideoLAN in December and published the […]
Spammers Take A Liking to WhatsApp Mobile App
Researchers at AdaptiveMobile released a report demonstrating an increase in spam over the WhatsApp messaging app.
Threatpost News Wrap, January 16, 2015
Dennis Fisher and Mike Mimoso discuss the security news of the past week, including the proposed changes to the CFAA, David Cameron’s encryption comments, the NSA’s quasi-apology regarding Dual EC and the Microsoft-Google disclosure feud.
Mozilla Patches Nine Vulnerabilities With Firefox 35
Mozilla released the latest version of its flagship browser this week, Firefox 35, fixing nine vulnerabilities, including three critical bugs.
Teen Arrested in UK for Xbox, PlayStation Attacks
Police in the UK, working in cooperation with the FBI, arrested an 18-year-old man Friday in connection with recent DDoS attacks on the PlayStation Network and Xbox Live services. The authorities arrested the unnamed man in Southport, and he is being held on suspicion of computer crime and unauthorized access to computer material. UK officials […]