4 matches found
Photopt App fails to verify SSL server certificates
Overview Photopt App provided by NTT Communications Corporation fails to verify SSL server certificates. Yuto Iso reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may allow an...
Meridian vulnerable to cross-site scripting
Overview Meridian provided by Nexa Technologies is a software for market trading. Meridian contains a cross-site scripting vulnerability. Kazuyuki Matsuda reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
Command and Control Used in Sanny APT Attacks Shut Down
Two message boards used by the Sanny malware as a command-and-control channel have been shut down by the Korea Information Security Agency in conjunction with security company FireEye. Sanny is a targeted attack, attributed to attackers in Korea, against individuals working in Russia’s aerospace,...
Europe's Cybersecurity Agency Gears Up for War on Botnets !
The European Network and Information Security Agency ENISA, Europe's Cyber security agency, issued a report focused on botnets this week titled, "Botnets: Measurement, Detection, Disinfection and Defence." The report discusses the reliability of botnet size estimates and provides recommendations...