A Russian security researcher discovered that he could delete any video on YouTube by sending a simple POST request in YouTube’s Creator Studio.
Browsing Category: Vulnerabilities
Students at St. Mary’s University in Canada released to open source a web-based threat modeling tool called Seasponge that they hope will provide an alternative to Microsoft’s free tool.
DHS warned of a serious vulnerability in Multicast DNS devices whereby leaked system information could be leveraged in a DDoS amplification attack.
Mozilla has released Firefox 37, and along with the promised addition of the OneCRL certificate revocation list, the company has included a feature that enables opportunistic encryption on connections for servers that don’t support HTTPS. The new feature gives users a new defense against some forms of monitoring and doesn’t require any setup from users. When[…]
Popular NoSQL database MongoDB has released an update that patches a critical denial-of-service vulnerability.
An APT group with its sights on selective targets, most of those in Israel, has been using an elusive malware implant to steal data from groups with state and political interests.
eBay has fixed a pair of security vulnerabilities in its site that could enable attackers to upload executable files disguised as benign file types, construct full path URLs and then point victims to them through drive-by download attacks. The first bug resulted from the failure of an eBay page to check the headers of image files uploaded by[…]
Until yesterday, a popular networking library for iOS and OS X, used by several apps like Pinterest and Simple was susceptible to SSL man-in-the-middle (MiTM) attacks.
There are a series of vulnerabilities related to credentials and authentication in two of Schneider Electric’s HMI products, and an attacker who exploits them may be able to run arbitrary code.