52 matches found
CVE-2017-8328
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device does not implement any cross site request forgery...
Cross site request forgery (csrf)
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a user with the capability of installing or deleting apps on the device using the web management interface. It seems that the device does not implement any cross-site request forgery protection...
Super-systemic IoT flaws
IoT security flaws were always systemic: by that I mean that if I find a flaw in my smart thermostat, it affects ALL of those thermostats. A security problem with one connected car leads to problems with ALL the connected cars using that same system. That led to incidents such as the Mirai botnet...
Let’s Continue the Skills Gap Conversation
Most analysis is that the cybersecurity skills gap or shortage is getting worse. ESG reported in CSOOnline that 2018 had the highest levels, at 51%, where organizations "claimed their organization had a problematic shortage of cybersecurity skills." It’s a complex problem, but I believe with...
Nicholas Weaver on Cryptocurrencies
This is well-worth reading non-paywalled version. Here's the opening: Cryptocurrencies, although a seemingly interesting idea, are simply not fit for purpose. They do not work as currencies, they are grossly inefficient, and they are not meaningfully distributed in terms of trust. Risks involving...
Estimating the Cost of Internet Insecurity
It's really hard to estimate the cost of an insecure Internet. Studies are all over the map. A methodical study by RAND is the best work I've seen at trying to put a number on this. The results are, well, all over the map: "Estimating the Global Cost of Cyber Risk: Methodology and Examples":...
LoadedCommerce7 - Systemic Query Factory Vulnerability
No description provided by source. Title: LoadedCommerce7 Systemic Query Factory Vulnerability Advisory: http://breaking.technology/advisories/CVE-2014-5140.txt Credits: Discovered by Breaking Technology Research Labs 2014-06-30 Reference: CVE-2014-5140 - Assigned 31 June 2014 Timeline: Vendor...
LoadedCommerce7 - Systemic Query Factory Vulnerability
Loaded Commerce 7 shopping cart/online store suffers from a systemic vulnerability in its query factory, allowing attackers to circumvent user input sanitizing to perform remote SQL injection. Title: LoadedCommerce7 Systemic Query Factory Vulnerability Advisory:...
LoadedCommerce7 - Systemic Query Factory
LoadedCommerce7 - Systemic Query Factory Title: LoadedCommerce7 Systemic Query Factory Vulnerability Advisory: http://breaking.technology/advisories/CVE-2014-5140.txt Credits: Discovered by Breaking Technology Research Labs 2014-06-30 Reference: CVE-2014-5140 - Assigned 31 June 2014 Timeline:...
LoadedCommerce7 - Systemic Query Factory
Title: LoadedCommerce7 Systemic Query Factory Vulnerability Advisory: http://breaking.technology/advisories/CVE-2014-5140.txt Credits: Discovered by Breaking Technology Research Labs 2014-06-30 Reference: CVE-2014-5140 - Assigned 31 June 2014 Timeline: Vendor notified - 29 July 2014 Vendor...
Team Ghost Shell Claims to Publish Records from Thousands of Universities
Lashing out against what they believe is a hopelessly broken international education system, the hacker collective Team Ghostshell published some 120,000 records from a number of the world’s top universities. They are calling the operation “Project WestWind.” In a post on Pastebin, the group...
The Next Security Scandal Will Be An Attack on High Frequency Trading Systems
The U.S. Securities and Exchange Commission voted on Tuesday to impose new rules to help oversee what experts warn is a burgeoning and little understood shadow market of ultra high-speed, computer based trading. But one security expert warns that new reporting rules are only part of the problem...