RubyGems maintainers patched a vulnerability, reported by Trustwave and OpenDNS, that allows RubyGem clients to be redirected to an attacker-controlled gem server.
Tag Archives: Web Security
HP Releases Details, Exploit Code for Unpatched IE Flaws
Researchers at HP’s Zero Day Initiative have disclosed full details and proof-of-concept exploit code for a series of bugs they discovered that allow attackers to bypass a key exploit mitigation in Internet Explorer.
Google Fixes Handful of Bugs in Chrome
Google has fixed several vulnerabilities in Chrome, including a pair of cross-origin bypasses and a high-risk scheme validation error.
Ubuntu Patches Privilege-Escalation Bug
A privilege-escalation vulnerability in several versions of Ubuntu results from the operating system failing to check permissions when users create files in some specific circumstances.
Trio of Vulnerabilities Patched in Magento Web App
A trio of vulnerabilities that could have let attackers carry out a handful of exploits was recently patched in eBay’s Magento e-commerce web application.
Static Encryption Key Found in SAP HANA Database
Researchers from ERPScan said SAP’s HANA in-memory database contains a default static encryption key.
Major Carriers AT&T, Verizon Continue to Lag in EFF Privacy Report
Major telecoms like AT&T and Verizon continue to lag behind in the Electronic Frontier Foundation’s annual “Who Has Your Back” report.
Reddit to Move to HTTPS-Only
In the two years since the details of the NSA’s deep penetration of the Internet infrastructure began to emerge, there has been a major movement afoot among Web companies to encrypt more and more of their resources and services. The latest large property to make this move is Reddit, which by the end of the […]
Drupal Fixes Critical OpenID Bug
Drupal has patched several vulnerabilities in versions 6 and 7 of the content-management system, including a critical bug that enables an attacker to hijack administrators’ accounts and take arbitrary actions on target sites. That vulnerability lies in the OpenID module in Drupal that enables users to authenticate themselves using the OpenID protocol. The protocol is based […]
LinkedIn Goes Public with Its Private Bug Bounty
LinkedIn today announced that since October it has been running a private bug bounty, and to date has patched 65 bugs and paid out $65,000 in rewards.