2353 matches found
LocalTapiola: HTML Injection in email from http://www.lahitapiola.fi/henkilo/sivut/tonttutesti
Basic report information. Summary: HTML Injection in email from http://www.lahitapiola.fi/henkilo/sivut/tonttutesti. Description: Tonttutesti's "kutsu kaverisi" (invite your friend) feature sends an email to a friend with a link to LocalTapiola's tonttutesti site. The fields "Nimesi" (your name) and "Kaverisi nimi" (your friend's name) seem to be vulnerable...
Rook Security on Online Extortion
Mat Gangwer, CTO, and Tom Gorup, Security Operations Lead, at Rook Security talk to Mike Mimoso about the aggressive rise in online extortion and how it threatens not only data but physical safety. Download: RookSecurityonOnlineExtortion.mp3 Music by Chris Gonsalves...
CVE-2016-8492
CVE-2016-8492 describes an information-disclosure vulnerability in Fortinet FortiGate/FortiOS: the ANSI X9.31 RNG is used to generate keying material for long-lived security channels (IPsec/TLS), potentially allowing an attacker to read data those channels were meant to protect. Connected sources confirm this is related to the DUHK-style weakness in the RNG...
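To make the DUHK-style weakness concrete, here is an added example, not Fortinet code: a minimal Ruby model of the ANSI X9.31 block-cipher RNG (AES-128 variant), followed by the attacker computation. With the cipher key K hard-coded in firmware, anyone who has extracted K, observed one 16-byte output R and can guess the timestamp input T recovers the internal state V and predicts every later output. The key, seed and timestamp values are constructed for the demonstration.

```ruby
require 'openssl'

# Minimal model of ANSI X9.31 (AES-128 variant). Per step:
#   I = E_K(T);  R = E_K(I xor V);  V' = E_K(R xor I)
# Illustration only; not FortiOS code.
class X931Rng
  def initialize(key, seed_v)
    @key = key
    @v   = seed_v
  end

  # AES-128-ECB on a single 16-byte block, no padding.
  def self.aes(key, block, mode)
    c = OpenSSL::Cipher.new('AES-128-ECB')
    mode == :enc ? c.encrypt : c.decrypt
    c.padding = 0
    c.key = key
    c.update(block) + c.final
  end

  def self.xor(a, b)
    a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack('C*')
  end

  # Produce one 16-byte output block for timestamp T and advance the state.
  def next_block(timestamp)
    i  = self.class.aes(@key, timestamp, :enc)
    r  = self.class.aes(@key, self.class.xor(i, @v), :enc)
    @v = self.class.aes(@key, self.class.xor(r, i), :enc)
    r
  end
end

# Attacker side: knows K (hard-coded), has observed one output R and can
# guess the timestamps (low entropy in practice).
module Duhk
  # State at the moment R was produced: V = D_K(R) xor I
  def self.recover_state(key, observed_r, guessed_t)
    i = X931Rng.aes(key, guessed_t, :enc)
    X931Rng.xor(X931Rng.aes(key, observed_r, :dec), i)
  end

  # Outputs the generator will emit for the following timestamps.
  def self.predict(key, observed_r, guessed_t, next_timestamps)
    i      = X931Rng.aes(key, guessed_t, :enc)
    v_next = X931Rng.aes(key, X931Rng.xor(observed_r, i), :enc)
    clone  = X931Rng.new(key, v_next)
    next_timestamps.map { |t| clone.next_block(t) }
  end
end

# Constructed inputs: a "firmware" key, a secret seed the attacker never sees,
# and three 16-byte counters standing in for timestamps.
HARDCODED_KEY = "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff".b
SECRET_SEED   = OpenSSL::Random.random_bytes(16)
TIMESTAMPS    = (1..3).map { |n| [0, n].pack('Q>Q>') }

# Returns whether the attacker recovered the seed and predicted later outputs.
def demo
  victim  = X931Rng.new(HARDCODED_KEY, SECRET_SEED)
  outputs = TIMESTAMPS.map { |t| victim.next_block(t) }
  {
    seed_recovered: Duhk.recover_state(HARDCODED_KEY, outputs[0], TIMESTAMPS[0]) == SECRET_SEED,
    predicted:      Duhk.predict(HARDCODED_KEY, outputs[0], TIMESTAMPS[0], TIMESTAMPS.drop(1)) == outputs.drop(1)
  }
end

puts demo if $PROGRAM_NAME == __FILE__
```

Both values come back true: the generator's only secret is V, and once K is public a single observed block plus a guessed T yields V. This is why X9.31 with a fixed key gives no forward security for the IPsec/TLS keys derived from it.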
Telemarketing Firm Leaks 400,000 Recorded Calls
More than 400,000 audio files associated with a Florida company’s telemarketing efforts were stored online in the clear, and were discovered earlier this month by researchers at MacKeeper. More than 17,600 of those audio recordings were customer transactions that included names, addresses, and...
Mobile Application Security Training Platform: Security Shepherd
The OWASP Security Shepherd project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic. The aim of this project is to take AppSec novices or experienced engineers and sharpen...
CVE-2017-3313
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: MyISAM. Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure wher...
CVE-2017-3319
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: X Plugin. Supported versions that are affected are 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server...
Design/Logic Flaw
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: Kernel. The supported version that is affected is 11.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. Successful attacks...
CVE-2017-3245
CVE-2017-3245 affects Oracle FLEXCUBE Direct Banking (Pre-Login) in Oracle Financial Services Applications. Affected versions: 12.0.2 and 12.0.3. The vulnerability allows an unauthenticated attacker who can reach the service over HTTP to compromise Direct Banking, with successful attacks potentia...
CVE-2017-3405
CVE-2017-3405 affects Oracle E-Business Suite, specifically the Oracle Advanced Outbound Telephony component (User Interface). Affected versions include 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. The vulnerability allows an unauthenticated attacker with network access via HTTP to ...
CVE-2017-3358
Vulnerability in the Oracle Marketing component of Oracle E-Business Suite subcomponent: User Interface. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTT...
CVE-2017-3318
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Error Handling. Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the...
Breach Database Site 'LeakedSource' Goes Offline After Alleged Police Raid
The biggest mistake companies make with data security is leaving all their secrets unprotected at one place, which if attacked, they are all gone in one shot. An unnamed law enforcement agency has reportedly accessed billions of compromised usernames, email IDs, and their passwords, collected by...
Bill Calls for Study of Cybersecurity Standards for Cars
A House bill was introduced Tuesday that could accelerate the federal government's involvement in regulating automobile cybersecurity. The Security and Privacy in Your Car Study Act of 2017, authored by Reps. Ted Lieu (D-Calif.) and Joe Wilson (R-S.C.), calls on the National Highway Traffic Safety...
Browser AutoFill Feature Can Leak Your Personal Information to Hackers
Just like most of you, I too really hate filling out web forms, especially on mobile devices. To make this whole process faster, Google Chrome and other major browsers offer an "Autofill" feature that automatically fills out web forms based on data you have previously entered in similar fields...
MS15-004: Description of the security update for Windows 7 and Windows Server 2008 R2 if the Remote Desktop Connection 8.1 client update is installed: January 13, 2015
Summary: This security update resolves a privately reported vulnerability in the TS WebProxy component in Windows 7 and Windows...
Cross-Site Scripting (XSS)
intercom-rails is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject or execute arbitrary script by prepending script tags to the arbitrary script in their data...
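The LocalTapiola e-mail report above and this intercom-rails entry are the same class of bug in two output contexts: a user-supplied string is interpolated into markup without context-appropriate encoding. The following is an added Ruby example, not code from either project, showing each sink as the vulnerable rendering beside a hardened one, plus the checks a test suite could run on the rendered output. The attacker-controlled strings are constructed.

```ruby
require 'cgi'
require 'json'

# Constructed attacker-controlled values.
EVIL_NAME   = %q{Matti<a href="https://evil.example/">Claim your prize</a>}
EVIL_SCRIPT = %q{x</script><script>alert(document.cookie)</script>}

# 1. HTML e-mail body: names interpolated straight into markup.
def invite_email_vulnerable(your_name, friend_name)
  "<p>Hi #{friend_name}, #{your_name} invited you to take the test.</p>"
end

# Hardened: HTML-escape every untrusted value placed in element content.
def invite_email_hardened(your_name, friend_name)
  e = ->(s) { CGI.escapeHTML(s.to_s) }
  "<p>Hi #{e.(friend_name)}, #{e.(your_name)} invited you to take the test.</p>"
end

# 2. Inline <script> settings object. JSON encoding alone is not enough:
#    a literal "</script>" inside the data closes the block early and the
#    remainder is parsed as fresh HTML.
def settings_script_vulnerable(data)
  "<script>window.settings = #{data.to_json};</script>"
end

# Hardened: encode <, > and & as JSON \u escapes so the HTML parser never
# sees a tag boundary, while the JavaScript value is unchanged.
JSON_ESCAPE = { '<' => '\u003c', '>' => '\u003e', '&' => '\u0026' }.freeze

def json_for_script(data)
  data.to_json.gsub(/[<>&]/, JSON_ESCAPE)
end

def settings_script_hardened(data)
  "<script>window.settings = #{json_for_script(data)};</script>"
end

# Check for sink 1: tag names present in the output beyond those the
# template itself writes.
def injected_tags(html, allowed)
  html.scan(%r{</?([a-zA-Z][\w-]*)}).flatten.map(&:downcase).uniq - allowed
end

# Check for sink 2: number of literal </script> terminators; exactly one
# is expected.
def script_close_count(html)
  html.scan(%r{</script>}i).size
end

if $PROGRAM_NAME == __FILE__
  puts invite_email_vulnerable('Matti', EVIL_NAME)
  puts invite_email_hardened('Matti', EVIL_NAME)
  puts settings_script_vulnerable(name: EVIL_SCRIPT)
  puts settings_script_hardened(name: EVIL_SCRIPT)
end
```

The two checks are deliberately context-specific: HTML escaping is the right fix for element content, but applying it inside a `<script>` block would corrupt the JavaScript string, which is why the script sink gets JSON \u escapes instead.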
Dell SonicWALL Secure Mobile Access SMA 8.1 XSS And WAF CSRF
Summary Keep up with the demands of today’s remote workforce. Enable secure mobile access to critical apps and data without compromising security. Choose from a variety of scalable secure mobile access SMA appliances and intuitive Mobile Connect apps to fit every size business and budget...
What’s Your Computer Thinking About? Examining Random Access Memory (RAM)
How valuable would it be to be able to read another person's mind? To know what they're thinking or planning to do would be invaluable. Or, how valuable would it be to know what they have done in the recent past, especially if you believed they were involved in some criminal activity? Who they were...
Server-Side Security Vulnerabilities in Simple Android Applications: SQL Injection and File Upload Vulnerabilities (Vulnerability Warning, Black Bar Safety Net)
Over the previous three weeks, Dandelion gave everyone a brief introduction to the common vulnerabilities on the Android app (client) side, namely: an interpretation of common app-side security vulnerabilities for Android developers: the sensitive information disclosure vulnerability; simple app-side security...