Archive for the ‘Web Security’ Category

ROPEMAKER Exploit Allows for Changing of Email Post-Delivery

August 23rd, 2017

An exploit dubbed ROPEMAKER takes advantage of email design functionality, namely by remotely changing CSS in HTML-based emails after they’ve been sent.

Posted in css, email security, Exploit, Francisco Ribeiro, HTML, Mimecast, ROPEMAKER, vulnerabilities, Web Security

Business Email Compromise Campaign Harvesting Credentials in Numerous Industries

August 23rd, 2017
Flashpoint warns of a new business email compromise campaign targeting organizations in various industries with the aim of harvesting credentials.

Posted in BEC, Business Email Compromise, credential harvesting, Cybercrime, email security, Flashpoint, fraud, phishing, privacy, Ronnie Tokazowski, Web Security

Facebook Awards $100K to Researchers for Credential Spearphishing Detection Method

August 21st, 2017
Researchers who identified a real-time way to detect credential spearphishing attacks in enterprise settings won $100,000 from Facebook last week.

Posted in detection, facebook, Internet Defense Prize, phishing, spearphishing, Usenix, Web Security

Meeting and Hotel Booking Provider’s Data Found in Public Amazon S3 Bucket

August 21st, 2017
Personal and business data belonging to Boston-area meeting and hotel booking provider Groupize was discovered in a publicly accessible Amazon Web Services S3 bucket, which has since been locked down.

Posted in amazon s3, Amazon Web Services, AWS, data breach, Data leak, Groupize, Kromtech Security, personally identifiable information, PII, privacy, Web Security

Threatpost News Wrap, August 18, 2017

August 18th, 2017
Mike Mimoso and Tom Spring discuss this week's security news, including the recent hijacking of popular Chrome extensions and Adobe's decision to end-of-life Flash Player.

Posted in adobe, Chrome extensions, flash player, fraud, NetSarang backdoor, Podcasts, Threatpost News Wrap, vulnerabilities, Web Security

Drupal Patches Critical Access Bypass in Core Engine

August 17th, 2017
A critical flaw in the Drupal CMS platform could allow unwanted access to the platform, allowing a third party to view, create, update or delete entities.

Posted in access bypass vulnerabilities, access bypass vulnerability, Drupal, Drupal 7, Drupal 8, Drupal Security Team, RESTful Web Services, UUIDs, vulnerabilities, Web Security

Flash’s Final Countdown Has Begun

August 16th, 2017
The impending demise of Adobe Flash will create legacy challenges similar to Windows XP as companies begin to wean themselves off the vulnerable code base.

Posted in adobe, Adobe Flash Player, Adobe Flash Vulnerabilities, Animate CC, apple, facebook, flash player, Flash Professional CC, google, Hacking Team breach, hacks, html5, malware, Microsoft, mozilla, Open Source, Steve Jobs, vulnerabilities, Web Security, Windows XP end of life

Seven More Chrome Extensions Compromised

August 15th, 2017
The list of compromised Chrome extensions that hijack traffic and substitute advertisements in victims’ browsers grows.

Posted in A9t9 Software, Chrome extensions, Chrometana, Copyfish, google play, hacks, Infinity New Tab, Social Fixer, Web developer, Web Paint, Web Security