Organizations could face big problems from seemingly small Web application vulnerabilities. The problem is, many of these bugs fly under the radar because they’re not considered severe. Shandon Lewis, senior Web application penetration tester at Backward Logic, discussed a few of these bugs in his presentation “Vulnerabilities in Web Applications That Are Often Overlooked” at…

Southwest Research Institute has developed a cybersecurity system to test for vulnerabilities in automated vehicles and other technologies that use GPS receivers for positioning, navigation and timing. “This is a legal way for us to improve the cyber resilience of autonomous vehicles by demonstrating a transmission of spoofed or manipulated GPS signals to allow for…

In March, Poland-based Security Explorations reported identifying nearly 20 vulnerabilities in the latest version of Oracle Java Card (version 3.1), including weaknesses that can be exploited to compromise the security of chips using this technology. The firm has continued analyzing the software and it now claims to have found 34 issues. Java Card technology is…

The analyzed systems include Lobby Track Desktop (Jolly Technologies), EasyLobby Solo (HID Global), eVisitorPass (Threshold Security), Envoy Passport (Envoy), and The Receptionist (The Receptionist). A total of 19 vulnerabilities were discovered in these systems, and their successful exploitation could lead to exfiltration of data such as visitor logs, contact information, or corporate activities; complete takeover…

The security hole, tracked as CVE-2019-6340, is caused by the lack of proper data sanitization in some field types, which, in some cases, can allow an attacker to execute arbitrary PHP code, Drupal developers said. The issue was discovered by Samuel Mortenson of the Drupal Security Team. Exploitation of CVE-2019-6340 is possible if the core…

Apple described the flaw, tracked as CVE-2019-6223, as a logic issue in the handling of Group FaceTime calls. The company says the problem has been addressed with “improved state management.” The bug allowed an attacker to spy on FaceTime users by calling the targeted user and adding the attacker’s own number to a group chat….

Visa’s chief risk officer anticipates some positive changes ahead. Change that leads to improvement is usually good, in my opinion, and in my role at Visa, I anticipate some healthy changes ahead for the payment industry. Of course, no one can perfectly predict what is to come, but here is my take on four notable…

Videos and descriptions of the vulnerability have been making the rounds on social media websites. The attack does not require any technical knowledge and it can be carried out in seconds. The attacker calls the targeted user via FaceTime and then immediately initiates a group chat by using the “Add person” button from the bottom…

Tracked as CVE-2019-3462, the software bug could be exploited by hackers able to perform network man-in-the-middle (MitM) attacks to inject content and have it executed on the target machine with root privileges. Malicious package mirrors can also exploit the bug. “The code handling HTTP redirects in the HTTP transport method doesn’t properly sanitize fields transmitted…