XKCD's Smartphone Security System

Funny...

Uber: ubernycmarketplace.com is vulnerable to the Heartbleed Bug

The Heartbleed Bug was a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. This allows attackers to eavesdrop on communications, stea...

blog.identifont.com XSS vulnerability

Open Bug Bounty ID: OBB-509422 Description| Value ---|--- Affected Website:| blog.identifont.com Open Bug Bounty Program:| Not created yet Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N...

blog.bebee.com XSS vulnerability

Open Bug Bounty ID: OBB-509398 Description| Value ---|--- Affected Website:| blog.bebee.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Cybersecurity and the 2017 US National Security Strategy

Commentaries on the 2017 US national security strategy by Michael Sulmeyer and Ben Buchanan...

A week in security (January 1 – January 7)

New year, new threats, as 2018 gets underway. On our blog, we had dubious searches aplenty for those hunting for Malwarebytes information, and we also covered the huge Meltdown/Spectre bug, affecting hardware going back to 10 years. Other news Coin miners are at it again, with a proof of concept...

January 2018 security update release

Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...

Happy 15th Birthday TaoSecurity Blog

Today, 8 January 2018, is the 15th birthday of TaoSecurity Blog! This is also my 3,020th blog post. I wrote my first post on 8 January 2003 while working as an incident response consultant for Foundstone. I don't believe I've released statistics for the blog before, so here are a few. Blogger...

Friday Squid Blogging: How the Optic Lobe Controls Squid Camouflage

Experiments on the oval squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

CVE-2017-5754

creationtimestamp| type| source ---|---|--- 2018-01-04 04:07:06+00:00| exploited| https://t.me/BleepingComputer/2305 2018-01-05 14:03:36+00:00| exploited| https://t.me/antichat/566 2018-01-05 14:18:35+00:00| exploited| https://t.me/alexmakus/1614 2018-03-14 15:55:35+00:00| exploited|...

cocina-con-corazon.blogs.diezminutos.es XSS vulnerability

Open Bug Bounty ID: OBB-483876 Description| Value ---|--- Affected Website:| cocina-con-corazon.blogs.diezminutos.es Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3...

CVE-2017-1000467

LavaLite version 5.2.4 is vulnerable to stored cross-site scripting vulnerability, within the blog creation page, which can result in disruption of service and execution of javascript code...

Cross site scripting

LavaLite version 5.2.4 is vulnerable to stored cross-site scripting vulnerability, within the blog creation page, which can result in disruption of service and execution of javascript code...

CVE-2017-1000467

LavaLite version 5.2.4 is vulnerable to stored cross-site scripting vulnerability, within the blog creation page, which can result in disruption of service and execution of javascript code...

CVE-2017-1000467

CVE-2017-1000467 concerns LavaLite 5.2.4 with a stored cross-site scripting vulnerability on the blog creation page, which can lead to disruption of service and execution of JavaScript. The connected documents consistently reference the same issue across multiple sources (Red Hat, GHSA, CNVD, CVE...

Cross site scripting

Leafpub version 1.2.0-beta6 is vulnerable to stored cross-site scripting vulnerability, within the edit blog post page, which can result in disruption of service and execution of javascript code...

CVE-2017-1000463

Leafpub version 1.2.0-beta6 is vulnerable to stored cross-site scripting vulnerability, within the edit blog post page, which can result in disruption of service and execution of javascript code...

CVE-2017-1000463

Leafpub version 1.2.0-beta6 is vulnerable to stored cross-site scripting vulnerability, within the edit blog post page, which can result in disruption of service and execution of javascript code...

CVE-2017-1000463

Leafpub version 1.2.0-beta6 is vulnerable to stored cross-site scripting vulnerability, within the edit blog post page, which can result in disruption of service and execution of javascript code...

Beers with Talos EP 19: The "Best" of BWT

Beers with Talos BWT Podcast Episode 19 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast EP19 Show Notes: Quotes intended, we think you know why. Mitch takes control to present the best of the...