vulnerabilities

Vulnerabilities

Issued by: Dark Reading

Web App Vulnerabilities Flying Under Your Radar

Organizations could face big problems from seemingly small Web application vulnerabilities. The problem is, many of these bugs fly under the radar because they’re not considered severe. Shandon Lewis, senior Web application penetration tester at Backward Logic, discussed a few of these bugs in his presentation “Vulnerabilities in Web Applications That Are Often Overlooked” at…

Vulnerabilities

Issued by: Help Net Security

Researchers develop cybersecurity system to test for vulnerabilities in technologies that use GPS

Southwest Research Institute has developed a cybersecurity system to test for vulnerabilities in automated vehicles and other technologies that use GPS receivers for positioning, navigation and timing. “This is a legal way for us to improve the cyber resilience of autonomous vehicles by demonstrating a transmission of spoofed or manipulated GPS signals to allow for…

Vulnerabilities

Issued by: Security Week

Oracle, Gemalto Downplay Java Card Vulnerabilities

In March, Poland-based Security Explorations reported identifying nearly 20 vulnerabilities in the latest version of Oracle Java Card (version 3.1), including weaknesses that can be exploited to compromise the security of chips using this technology. The firm has continued analyzing the software and it now claims to have found 34 issues. Java Card technology is…

Vulnerabilities

Issued by: Security Week

Multiple Security Flaws Discovered in Visitor Management Systems

The analyzed systems include Lobby Track Desktop (Jolly Technologies), EasyLobby Solo (HID Global), eVisitorPass (Threshold Security), Envoy Passport (Envoy), and The Receptionist (The Receptionist). A total of 19 vulnerabilities were discovered in these systems, and their successful exploitation could lead to exfiltration of data such as visitor logs, contact information, or corporate activities; complete takeover…

Vulnerabilities

Issued by: Security Week

Critical Drupal Vulnerability Allows Remote Code Execution

The security hole, tracked as CVE-2019-6340, is caused by the lack of proper data sanitization in some field types, which, in some cases, can allow an attacker to execute arbitrary PHP code, Drupal developers said. The issue was discovered by Samuel Mortenson of the Drupal Security Team. Exploitation of CVE-2019-6340 is possible if the core…

Vulnerabilities

Issued by: Security Week

Apple Patches FaceTime Spying Vulnerability

Apple described the flaw, tracked as CVE-2019-6223, as a logic issue in the handling of Group FaceTime calls. The company says the problem has been addressed with “improved state management.” The bug allowed an attacker to spy on FaceTime users by calling the targeted user and adding the attacker’s own number to a group chat….

Vulnerabilities

Issued by: Dark Reading

4 Payment Security Trends for 2019

Visa’s chief risk officer anticipates some positive changes ahead. Change that leads to improvement is usually good, in my opinion, and in my role at Visa, I anticipate some healthy changes ahead for the payment industry. Of course, no one can perfectly predict what is to come, but here is my take on four notable…

Mobile Security

Issued by: Security Week

Apple Working on Patch to Prevent FaceTime Spying

Videos and descriptions of the vulnerability have been making the rounds on social media websites. The attack does not require any technical knowledge and it can be carried out in seconds. The attacker calls the targeted user via FaceTime and then immediately initiates a group chat by using the “Add person” button from the bottom…

Vulnerabilities

Issued by: Security Week

Code Execution Vulnerability Impacts Linux Package Manager

Tracked as CVE-2019-3462, the software bug could be exploited by hackers able to perform network man-in-the-middle (MitM) attacks to inject content and have it executed on the target machine with root privileges. Malicious package mirrors can also exploit the bug. “The code handling HTTP redirects in the HTTP transport method doesn’t properly sanitize fields transmitted…