Black Hat USA 2020: Critical Meetup.com Flaws Reveal Common AppSec Holes
Critical flaws in the popular Meetup platform were revealed Monday as part of research unleashed at this week’s Black Hat USA 2020. The flaws, which have been patched, enable the full takeover of Meetup “Groups” by threat actors, who can also redirect payments and carry out other malicious action...
The State of Vulnerabilities in 2019
As a web application firewall provider, part of our job at Imperva is to continually monitor for new security vulnerabilities. To do this, we use internal software that collects information from various data sources such as vulnerability databases, newsletters, forums, social media and more,...
Kids Tracker Watches: CloudPets, exploiting athletes and hijacking reality TV
Kids smart tracker watch security: everyone has missed the point. It’s not a few thousand here and there. It’s at least 47 million, probably around 150 million exposed tracking devices. It all points back to two or three lazy device manufacturers, much like Mirai v1 did. There have been lots of...
CVE-2019-18464
In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the...
SUSE-SU-2019:1643-1 Security update for libvirt
This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed the virDomainSaveImageGetXMLDesc API, which could accept a path parameter pointing anywhere on the system and potentially lead to execution of a malicious file with root privileges by libvirtd...
QSC18: API Security, Enabling Innovation Without Enabling Attacks and Data Breaches
Without APIs, it would be near impossible to see enterprises being able to digitally transform themselves. After all, APIs are the connective tissue between applications and systems, and they make the management, automation and consumption of technology possible at scale. APIs are what enable...
SUSE-SU-2018:2578-1 Security update for couchdb
This update for couchdb to 1.7.2 fixes the following security issues: - CVE-2018-8007: Apache CouchDB administrative users can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it was possible for a CouchDB...
SUSE-SU-2018:0907-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Security issues fixed in Firefox ESR 52.7.3 (bsc#1085130): - CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 - CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList - CVE-2018-5129: Out-of-bounds writ...
Researcher Outlines Multiple Vulnerabilities in Quanta Routers
Routers manufactured by Quanta are riddled with critical vulnerabilities (backdoors, a hardcoded SSH key, and remote code execution flaws, to name a few) that won’t be patched because the company considers the product end of life. Researcher Pierre Kim found the flaws and reasons that the flaws are...
SUSE-SU-2015:1897-1 Security update for krb5
krb5 was updated to fix three security issues. These security issues were fixed: - CVE-2015-2695: Applications which call gss_inquire_context on a partially-established SPNEGO context could have caused the GSS-API library to read from a pointer using the wrong type, generally causing a process cras...
About the security content of AirPort Update 2006-001 and Security Update 2006-005
This document describes Security Update 2006-005 and the security content of AirPort Update 2006-001, which can be downloaded and installed via Software Update preferences, or from Apple Downloads. For the protecti...