Author Archives: The Vigilant Application Owner

Critical Security Vulnerability At Amazon Fixed


January 18, 2013 By
The Vigilant Application Owner

The H – (International) Critical security vulnerability at Amazon fixed. Amazon has fixed a cross-site scripting vulnerability on its Web site which could have been used to inject malicious JavaScript code, allowing third-party access to various elements of a user’s account, including the shopping cart, history, name, and email address associated with the account. Source: […]


Security Explorations Identifies Two Vulnerabilities In Java 7 Update 11


By
The Vigilant Application Owner

Softpedia – (International) Security Explorations identifies two vulnerabilities in Java 7 Update 11. Security Explorations researchers discovered a pair of vulnerabilities in the newest version of Java that can allow attackers to perform a complete sandbox bypass. Source: http://news.softpedia.com/news/Security-Explorations-Identifies-Two-Vulnerabilities-in-Java-7-Update-11-322390.shtml


FAKEM RATs Disguise Their Traffic As Yahoo! Messenger To Avoid Detection


By
The Vigilant Application Owner

Softpedia – (International) FAKEM RATs disguise their traffic as Yahoo! Messenger to avoid detection. A white paper published by Trend Micro detailed the way that a series of remote access trojans known as FAKEM disguises its traffic to appear as that of commonly used applications or HTML to avoid detection. Source: http://news.softpedia.com/news/FAKEM-RATs-Disguise-Their-Traffic-as-Yahoo-Messenger-to-Avoid-Detection-322227.shtml


Drupal 7.19 and 6.28 Released To Address XSS, Access Bypass Flaws


January 17, 2013 By
The Vigilant Application Owner

Softpedia – (International) Drupal 7.19 and 6.28 released to address XSS, access bypass flaws. The developers of Drupal released Drupal 7.19 and Drupal 6.28, which address a cross-site scripting vulnerability and several access bypass vulnerabilities present in older versions. Source: http://news.softpedia.com/news/Drupal-7-19-and-6-28-Released-to-Address-XSS-Access-Bypass-Flaws-321861.shtml


Oracle Releases 86 Patches In Its January Critical Patch Update


January 16, 2013 By
The Vigilant Application Owner

Threatpost – (International) Oracle releases 86 patches in its January Critical Patch Update. Oracle released its quarterly Critical Patch Update, which addresses 86 security vulnerabilities in various Oracle products. Source: http://threatpost.com/en_us/blogs/oracle-releases-86-patches-its-january-critical-patch-update-011613


Expert Finds Security Holes In Sites Of Microsoft, Twilio and ProActive CMS


By
The Vigilant Application Owner

Softpedia – (International) Expert finds security holes in sites of Microsoft, Twilio and ProActive CMS. A security researcher discovered vulnerabilities in Web sites belonging to Microsoft and Twilio, as well as issues in ProActive content management system (CMS). Twilio and Microsoft addressed their respective cross-site request forgery and cross-site scripting vulnerabilities, while the ProActive CMS […]


Red October Cyber Espionage Campaign Relied On Java Exploit To Infect Computers


January 15, 2013 By
The Vigilant Application Owner

Softpedia – (International) Red October cyber espionage campaign relied on Java exploit to infect computers. Researchers at Seculert analyzed the recently discovered ‘Red October’ cyber espionage campaign and found that it had also utilized a Java vulnerability to disseminate malware. Source: http://news.softpedia.com/news/Red-October-Cyber-Espionage-Campaign-Relied-on-Java-Exploit-to-Infect-Computers-321319.shtml
