Archive for the ‘Web Security’ Category

ROPEMAKER Exploit Allows for Changing of Email Post-Delivery

August 23rd, 2017

An exploit dubbed ROPEMAKER relies on taking advantage of email design functionality, namely by remotely changing CSS in HTML-based emails after they’ve been sent.

Posted in css, email security, Exploit, Francisco Ribeiro, HTML, Mimecast, ROPEMAKER, vulnerabilities, Web Security | Comments (0)

Drupal Patches Critical Access Bypass in Core Engine

August 17th, 2017

A critical flaw in the Drupal CMS platform could allow unwanted access to the platform, letting a third party view, create, update or delete entities.

Posted in access bypass vulnerabilities, access bypass vulnerability, Drupal, Drupal 7, Drupal 8, Drupal Security Team, RESTful Web Services, UUIDs, vulnerabilities, Web Security | Comments (0)

Attackers Using Automated Scans to Takeover WordPress Installs

July 13th, 2017

Attackers have been carrying out WPSetup attacks, taking advantage of users who have installed WordPress but not yet configured it.

Posted in Mark Maunder, SiteLock, Web Security, WordFence, WordPress, Wordpress Security, WPSetup | Comments (0)

WordPress Fixes CSRF, XSS Bugs, Announces Bug Bounty Program

May 18th, 2017

WordPress fixed six vulnerabilities with version 4.7.5 and announced a bug bounty program with HackerOne this week.

Posted in vulnerabilities, Web Security | Comments (0)

Vanilla Forums Software Vulnerable to RCE, Host Header Injection Vulnerability

May 11th, 2017

Vanilla Forums software suffers from vulnerabilities that could let an attacker gain access to user accounts, carry out web-cache poisoning attacks, and in some instances, execute arbitrary code.

Posted in Dawid Golunski, Host Header Injection vulnerability, remote code execution, Vanilla Forums, vulnerabilities, Web Security | Comments (0)

Microsoft’s New Security Update Guides Get Mixed Reviews

May 11th, 2017

Microsoft gets a lukewarm response with its new Microsoft Security Guides that replaced Security Bulletins.

Posted in Microsoft Patch Tuesday, Microsoft security bulletins, microsoft Security Update Guide, Security Update Guide, vulnerabilities, Web Security | Comments (0)

ASUS Patches RT Router Vulnerabilities

May 11th, 2017

In March, ASUS updated the firmware of a number of its RT routers to address vulnerabilities found within the devices’ native web interface.

Posted in ASUS, ASUS firmware, ASUS patch, ASUS RT routers, ASUS vulnerabilities, Cross-site request forgery, default credentials, firmware updates, firmware vulnerabilities, JSONP vulnerabilities, Nightwatch Cybersecurity, Router Security, Router vulnerabilities, vulnerabilities, Web Security, Wi-Fi passwords | Comments (0)

Adobe Patches Seven Critical Vulnerabilities in Flash, AEM

May 9th, 2017

Adobe fixed eight vulnerabilities, seven critical, in Flash Player and Adobe Experience Manager (AEM) Forms product as part of its regularly scheduled updates Tuesday morning.

Posted in adobe, Adobe Experience Manager (AEM) Forms, code execution vulnerabilities, flash player, patch tuesday, vulnerabilities, Web Security | Comments (0)