WHMCS SQL Injection Vulnerability in the Wild
A few days ago, a zero-day SQL injection vulnerability in WHMCS was disclosed by localhost.re, along with the exploit code. It was quickly patched by the WHMCS team and rated as critical since it allows an attacker full access to the database hosting WHMCS: The vulnerability allows an attacker, who has valid login to the […]

Zero Access, vulnerability disclosure and the evils of RTF
Chester Wisniewski writes to us from Virus Bulletin 2013 in Berlin, Germany to share the latest research on malicious documents, bot herders and foosball.

Yahoo abandons T-shirt rewards for vulnerability information
Yahoo will stop giving T-shirts as a reward for finding security vulnerabilities after a public shaming it's calling "t-shirt gate."

Yahoo reveals a new vulnerability reporting policy with rewards of up to $15,000
Yahoo revealed today that it will dole out rewards of up to $15,000 (and starting from $150) to individuals and firms that inform the company of bugs and vulnerabilities classified as new, unique and/or high-risk issues, as part of an updated vulnerability reporting policy. This is a huge change from what Yahoo has been giving […]

IE Vulnerability Update #Japan #Metasploit
Microsoft’s Security Advisory (2887505), regarding a vulnerability in Internet Explorer, was issued just over two weeks ago. We added exploit detection soon thereafter. At the time, Microsoft reported that exploitation of the vulnerability was in limited use. Since then, evidence of attacks on Japanese targets via media sites has surfaced. And in the last week, […]

IE zero-day vulnerability exploited more widely than previously thought
A recently announced and yet-to-be-patched vulnerability that affects all versions of Microsoft Internet Explorer (IE) has been exploited in targeted attacks against organizations in Taiwan since the beginning of July, according to security researchers.

"Mailbox" app on iPads and iPhones runs JavaScript from emails – vulnerability or feature?
Italian computer scientist Michele Spagnuolo recently wrote about what he considered a security issue in the popular iPhone and iPad email app “Mailbox.” Not everyone agreed with him…

Vulnerability in IE Could Allow Remote Code Execution
This is probably required reading if you’re a Windows systems administrator of any sort: Microsoft Security Advisory (2887505). All versions of Internet Explorer are affected. Microsoft is currently aware of “a limited number of targeted attacks specifically directed at Internet Explorer 8 and 9.” The limited nature of attacks is very likely to change in […]

Microsoft Internet Explorer CVE-2013-3893 Memory Corruption Vulnerability
Type: Vulnerability. Microsoft Internet Explorer is prone to a memory-corruption vulnerability.

Microsoft Word CVE-2013-3160 XML Files Handling Information Disclosure Vulnerability
Type: Vulnerability. Microsoft Word is prone to an information-disclosure vulnerability; fixes are available.

Microsoft Word CVE-2013-3850 Remote Memory Corruption Vulnerability
Type: Vulnerability. Microsoft Word is prone to a remote memory-corruption vulnerability; fixes are available.

Microsoft Word CVE-2013-3851 Remote Memory Corruption Vulnerability
Type: Vulnerability. Microsoft Word is prone to a remote memory-corruption vulnerability; fixes are available.

Microsoft Word CVE-2013-3852 Remote Memory Corruption Vulnerability
Type: Vulnerability. Microsoft Word is prone to a remote memory-corruption vulnerability; fixes are available.

Microsoft Word CVE-2013-3853 Remote Memory Corruption Vulnerability
Type: Vulnerability. Microsoft Word is prone to a remote memory-corruption vulnerability; fixes are available.

Microsoft Word CVE-2013-3854 Remote Memory Corruption Vulnerability
Type: Vulnerability. Microsoft Word is prone to a remote memory-corruption vulnerability; fixes are available.