The news of the week is recapped, including the fallout around CloudBleed, the CloudPets breach, and a Slack token bug. The life of Howard Schmidt is also remembered.
Browsing Category: Web Security
Cisco is warning of a flaw that creates conditions susceptible to a DoS attack in its NetFlow Generation Appliance.
Google removed 132 apps infected with malicious iFrames from its Google Play store.
Cloudflare said it could not find evidence of malicious exploitation of the Cloudbleed vulnerability, even though the bug was triggered 1.2 million times.
Yahoo said in its latest SEC filing that executives and legal reps failed to act sufficiently on the information they had about breaches that exposed more than 1 billion account records.
A proof-of-concept bypass of Google’s CAPTCHA verification system uses Google’s own web-based tools to get around it.
The cloud-based collaboration tool Slack was quick to fix a bug earlier this month that could have let an attacker steal a user’s private Slack token.
The popular NextGEN Gallery WordPress plugin was recently patched to address a “severe” SQL injection vulnerability that put website databases at risk.
Dridex has undergone a massive update and now sports a new injection method for evading detection based on the technique known as AtomBombing.
Voice messages from children sent through an internet-connected toy called CloudPets were stolen from an exposed MongoDB database, which has been wiped clean and the data held for ransom.