A nasty remote code execution vulnerability was recently patched in Magento, eBay’s eCommerce platform
Tag Archives: Web Security
Google Moving Toward Encrypted Ad Services
Google engineers have spent the last several years moving many of the company’s online services to encrypted links. Gmail is HTTPS by default, and Google search is done over SSL for much of the world. Now the company is working to move its ad-serving and ad-buying platforms to HTTPS, as well. Google’s ad networks are pervasive […]
Threatpost News Wrap, April 17, 2015
Dennis Fisher and Mike Mimoso discuss the Windows HTTP.sys vulnerability, Google’s decision to turn off the NPAPI in Chrome and the voting machine security disaster in Virginia.
Active DoS Exploits for MS15-034 Under Way
Public denial-of-service exploits for a critical vulnerability in Microsoft’s implementation of the HTTP protocol stack, HTTP.sys, are under way, while remote code execution attacks may still be to come.
Google Shuts Off NPAPI in Chrome
With the release of Chrome 42 this week, Google fixed more than 40 vulnerabilities. But the most significant security change in the new browser is Google’s decision to disable the NPAPI, essentially turning off plugins such as Java and Silverlight by default. The decision didn’t come out of nowhere. Google warned developers and users about it […]
SearchBlox Fixes XSS, File Upload Flaws
SearchBlox, a provider of enterprise search technology, has patched several serious vulnerabilities in its flagship product, including cross-site scripting, cross-site request forgery and other issues. The company, which sells a variety of enterprise search products, has released version 8.2 of the main SearchBlox product to address the vulnerabilities, which were reported to the CERT/CC at […]
Apple Fixes Cookie Access Vulnerability in Safari on Billions of Devices
Apple recently fixed a cookie vulnerability that existed in all versions of Safari – iOS, OS X, and Windows – that may have affected 1 billion devices.
Dell Threat Report Claims 100 Percent Increase in SCADA Attacks
Dell released its annual threat report yesterday, ringing the alarm bells on point-of-sale and industrial control system attacks in 2014 and beyond.
Google Fixes Dozens of Bugs in Chrome 42
Google has released Chrome 42, a major security upgrade to the browser that includes patches for 45 vulnerabilities. The latest version of Chrome carries with it fixes for a number of high-severity bugs, including a cross-origin bypass in the HTML parser. That vulnerability earned an anonymous security researcher a reward of $7,500 from Google. In all, […]