1148 matches found
Security Bulletin: WebSphere Application Server shipped with IBM WebSphere Application Server Patterns is vulnerable to a remote code execution vulnerability (CVE-2020-4589)
Summary: WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed i...
How Facebook and Other Sites Manipulate Your Privacy Choices
Social media platforms repeatedly use so-called dark patterns to nudge you toward giving away more of your data...
The Subtle Tricks Shopping Sites Use to Make You Spend More
Through deceptive designs known as “dark patterns,” online retailers try to nudge you toward purchases you wouldn’t otherwise make...
How to Spot—and Avoid—Dark Patterns on the Web
You've seen them before: the UX ploys designed to trick you into spending money, or make it nearly impossible to unsubscribe. Here's what to look out for...
Ubuntu 16.04 LTS / 18.04 LTS : librsvg vulnerabilities (USN-4436-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4436-1 advisory. It was discovered that librsvg incorrectly handled parsing certain SVG files. A remote attacker could possibly use this issue to cause librsv...
USN-4436-1 librsvg vulnerabilities
It was discovered that librsvg incorrectly handled parsing certain SVG files. A remote attacker could possibly use this issue to cause librsvg to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. CVE-2017-11464 It was discovered that librsvg incorrectly handled...
CVE-2019-17639
In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling the System.arraycopy method with a length longer than the length of the source or destination array can, in certain specially crafted code patterns, cause the current method to return prematurely with an undefined return value...
Ubuntu 16.04 LTS / 18.04 LTS : GNU C Library vulnerabilities (USN-4416-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4416-1 advisory. Florian Weimer discovered that the GNU C Library incorrectly handled certain memory operations. A remote attacker could use this issue to cau...
USN-4416-1: GNU C Library vulnerabilities
Florian Weimer discovered that the GNU C Library incorrectly handled certain memory operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. CVE-2017-121...
Apache Httpd < 2.4.44 : Push Diary Crash on Specifically Crafted HTTP/2 Header
In Apache HTTP Server versions 2.4.20 to 2.4.43, when trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate...
Security Bulletin: Multiple Vulnerabilities in WebSphere Application Server bundled with IBM WebSphere Application Server Patterns
Summary: WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server has been published in multiple security bulletins. Vulnerability Details: Refer to the security bulletins...
UBUNTU-CVE-2020-10878
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. An application written in Perl would only be vulnerable to this flaw if it evaluat...
Friday Squid Blogging: Humboldt Squid Communication
Humboldt Squid communicate by changing their skin patterns and glowing. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Analyzing the Effects of COVID-19 on mPulse Traffic
The events surrounding the COVID-19 pandemic, and in particular various social-distancing measures (quarantine, shelter in place, etc.), have had an impact on people's lives and routines across the world. As internet usage is a large part of those routines, we wanted to see how usage changed as the...
Security Bulletin: Potential spoofing attack in WebSphere Application Server shipped with IBM WebSphere Application Server Patterns (CVE-2020-4421)
Summary: WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed i...
Anti-Phishing process with advanced phishing attacks simulation
This time I want to write about the service of my friends from Antiphish. They call it “security awareness and employee behaviour management platform”. Simply put, they teach company employees how to detect and avoid phishing attacks. By the way, they are great guys, made a demo for me, prepared...
[SECURITY] Fedora 31 Update: haproxy-2.0.14-1.fc31
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...
More Insights on The Global DDoS Threat Landscape
Recently, edge services product manager David Elmaleh and Imperva Research Labs’ data scientist Johnathan Azaria shared their DDoS knowledge in a live BrightTalk webinar about the current threat landscape and what you need to do to ensure you are adequately prepared. David and Johnathan not only...
Friday Squid Blogging: Humboldt Squid Backlight Themselves to Communicate More Clearly
This is neat: Deep in the Pacific Ocean, six-foot-long Humboldt squid are known for being aggressive, cannibalistic and, according to new research, good communicators. Known as "red devils," the squid can rapidly change the color of their skin, making different patterns to communicate, something...
MGASA-2020-0181 Updated git packages fix security vulnerability
Updated git packages fix security vulnerability: Malicious URLs can still cause Git to send a stored credential to the wrong server (CVE-2020-111008). With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential...