A week in security (September 12 – 18)

Last week on Malwarebytes Labs: The North Face hit by credential stuffing attack Facebook engineers aren't sure where all user data is kept 6 patch management best practices for businesses The MSP playbook on deciphering tech promises and shaping security culture Apple puts the password on life...

Virus Bulletin 2018: macOS Flaw Allows Attackers to Hijack Installed Apps

MONTREAL — A serious flaw in how macOS handles code signatures can lead to the compromise of multiple applications on Apple computers. Worse, the issue is largely unknown to most Mac users, and even most Mac administrators. “Because macOS checks code signatures very infrequently, it is easily...

IPMap 2.5 Shell Upload Vulnerability

IPMap suffers from remote shell upload vulnerabilities in the mobile IPMap v2.5 app for the apple ipad & iphone. IPMap v2.5 iPad iPhone - Arbitrary File Upload Web Vulnerabilities Introduction: ============= IPMap - IP Address Lookup Details & HTTP Wireless File Sharing with latest WorldWide IP...

eliteCMS multiple Vulnerabilities

eliteCMS is prone to a vulnerability that lets attackers upload and execute arbitrary PHP code. The application is also prone to a cross-site scripting issue and to a SQL Injection Vulnerability. These issues occur because the application fails to sufficiently sanitize user-supplied input...

AIOCP 1.3.x - 'cp_newsletter.php' SQL Injection

source: https://www.securityfocus.com/bid/20931/info All In One Control Panel AIOCP is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues could allow an attacker to steal cookie-based authentication...