Archive for the ‘vulnerabilities’ Category

ROPEMAKER Exploit Allows for Changing of Email Post-Delivery

August 23rd, 2017

An exploit dubbed ROPEMAKER relies on taking advantage of email design functionality, namely by remotely changing CSS in HTML-based emails after they’ve been sent.

Posted in css, email security, Exploit, Francisco Ribeiro, HTML, Mimecast, ROPEMAKER, vulnerabilities, Web Security | Comments (0)

Foxit to Fix PDF Reader Zero Days by Friday

August 22nd, 2017

Foxit Software says it will fix two vulnerabilities in its PDF reader products that could be triggered through its JavaScript API to execute code.

Posted in code execution, foxit, Foxit Reader, Foxit Software, PhantomPDF, vulnerabilities, zdi, zero day initiative | Comments (0)

Industrial Cobots Might Be The Next Big IoT Security Mess

August 22nd, 2017

Researchers at IOActive are sounding an early alarm on the security of industrial collaboration robots, or cobots. These machines work side-by-side with people and contain vulnerabilities that could put physical safety at risk.

Posted in cesar cerrudo, cobot security, cobot vulnerabilities, cobots, collaborative robots, commercial robots, Hack in the Box Singapore, industrial robots, IOActive, IoT, Luis Apa, robotics vulnerabilities, robots, vulnerabilities | Comments (0)

Drupal Patches Critical Access Bypass in Core Engine

August 17th, 2017

A critical flaw in the Drupal CMS platform could allow unwanted access to the platform, allowing a third party to view, create, update or delete entities.

Posted in access bypass vulnerabilities, access bypass vulnerability, Drupal, Drupal 7, Drupal 8, Drupal Security Team, RESTful Web Services, UUIDs, vulnerabilities, Web Security | Comments (0)

SAP Patch Tuesday Update Resolves 19 Flaws, Three High Severity

August 9th, 2017

SAP released 19 patches on Tuesday, including a trio of vulnerabilities marked high severity in its business management software.

Posted in BusinessObjects, Netweaver AS Java Web Container, Onapsis, SAP, SAP Business management software, SAP Visual Composer, Sebastian Bortnik, vulnerabilities | Comments (0)

Five Billion Tests Later: IoT and Industrial Control System Protocols Raise Alarms

August 9th, 2017

In-brief: Close to five billion “fuzzing” tests conducted during 2016 reveal protocols used by industrial control systems, vehicles and Internet of Things devices to be weaker, on average, with many crashing hundreds of times and revealing vulnerabilities that could be used by malicious actors.  A study of 4.8 billion automated…

Posted in connected devices, critical infrastructure, fuzzing, Internet of things, protocol, published research, Reports, software, software development, supply chain, survey, Top Stories, trends, vulnerabilities | Comments (0)

Flash Player Marches Toward End, Patches Two Code Execution Bugs in Latest Update

August 8th, 2017

Adobe today pushed out its first Flash Player update since announcing it would end-of-life the software in 2020.

Posted in adobe, Adobe Acrobat patches, Adobe Digital Editions patches, Adobe Experience Manager, Adobe Flash Player, Adobe Flash Player end of life, Adobe Flash Player patches, Adobe Flash Player vulnerabilities, Adobe Patches, Adobe Reader patches, adobe Vulnerabilities, vulnerabilities | Comments (0)

Good guys and bad guys race against time over disclosing vulnerabilities

August 7th, 2017

What’s at stake when we don’t share vulnerability data?

Posted in disclosure, vulnerabilities, Vulnerability | Comments (0)