A week in security (October 28 – November 3)

Last week on Malwarebytes Labs: 1,000+ web shops infected by "Phish ‘n Ships" criminals who create fake product listings for in-demand products Android malware FakeCall intercepts your calls to the bank Patch now! New Chrome update for two critical vulnerabilities Update your iPhone, Mac, Watch:...

Ruby on Rails: Regular expression denial of service in ActiveRecord's PostgreSQL Money type

Summary Hello team! The regular expressions used in the Money type to convert strings like -$100,000.00 to 100000 have an execution time with a quadratic growth proportional to the length of the string. Causing the denial of service requires very long strings but if the parameter is in a post bod...

Wirecard Checkout Page 1.0 Price Manipulation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Advisory ID: SYSS-2015-061 Product: Wirecard Checkout Page Manufacturer: Wirecard AG Affected Versions: 1.0 Tested Versions: 1.0 Vulnerability Type: Improper Validation of Integrity Check Value CWE-354 Risk Level: High Solution Status: Fixed...