Facebook vulnerability allowed access to personal and payment information

Bitdefender has discovered a significant vulnerability within Facebook which allowed access to any user account through simple social login manipulation. The attacker was able to gain access to personal user information, a contacts list for potential malware distribution and payment information – allowing purchases to be made in the user’s name. Attack vector: The attack vector in this case – social logins – is an alternative to traditional authentication. This form of access offers users … More

Microsoft plugs online services account hijacking vulnerability

London-based security researcher and bug hunter Jack Whitton has discovered a serious cross-site request forgery flaw affecting Microsoft’s authentication system for online services. A successful exploitation of the vulnerability could allow attackers to collect users’ login tokens and use them to impersonate users on Microsoft’s services, but the good news is that the Redmond giant took only two days to plug the security hole once they knew about it. “Microsoft, being a huge company, have … More

SideStepper vulnerability can be used to install malicious apps on iOS

Check Point researchers have identified SideStepper, a vulnerability that can be used to install malicious apps on iPhones and iPads to steal login credentials and sensitive data. SideStepper allows an attacker to get around security enhancements in iOS 9 which are supposed to protect users from installing malicious enterprise apps. These enhancements require the user to take several steps in device settings to trust an enterprise developer certificate, thereby making it harder to install a … More

Phishing underground: Exploiting the human vulnerability

At the RSA Conference in San Francisco, PhishLabs exposed the murky evolution of a thriving, sophisticated phishing underworld. Their report is based on more than one million confirmed malicious phishing sites residing on more than 130,000 unique domains, and the movement of more than 90 threat actor groups and organizations actively deploying spear phishing. Key findings Spear phishing remains the primary initial attack vector used by APT actors. However, 22 percent of spear phishing attacks … More

Severe and unpatched eBay vulnerability allows attackers to distribute malware

Check Point researchers have discovered a severe vulnerability in eBay’s online sales platform, which allows criminals to distribute malware and run phishing campaigns. This vulnerability allows attackers to bypass eBay’s code validation and control the vulnerable code remotely, to execute malicious JavaScript code on targeted eBay users. If this flaw is left unpatched, eBay users will continue to be exposed to potential phishing attacks and data theft. Details: An attacker can target eBay users by … More

86% of PHP-based apps contain at least one XSS vulnerability

Four out of five applications written in PHP, Classic ASP and ColdFusion that were assessed by Veracode failed at least one of the OWASP Top 10. Given the volume of PHP applications developed for the top three content management systems – WordPress, Drupal and Joomla, which represent more than 70 percent of all CMSs in use today – these findings raise concern over potential security vulnerabilities in millions of websites. Analytics show that 86 percent of … More

Threat and vulnerability management market revenue to reach $5.3 billion

Data trends show that the global threat and vulnerability management (VM) market is expected to grow from US$5.3 billion in 2015 to $8.6 billion in 2020, according to ABI Research. “Each day, organizations are deluged with warnings about newly discovered security vulnerabilities,” says Monolina Sen, Senior Analyst in Digital Security at ABI Research. “While well-known security flaws, such as Heartbleed, affected industries globally, lesser-known vulnerabilities have just as much impact on critical systems in a particular … More

The value in vulnerability management platforms

A study conducted by Forrester Consulting assessed IT decision makers’ satisfaction with their current vulnerability management platforms and the challenges companies face in securing their cloud environments against exposure. In the study, IT professionals cited lack of visibility into their network and aging firewall systems as the top two factors for an increased presence of vulnerabilities in their environment. Thirty-seven percent of respondents estimated that their firm’s sensitive data was breached in the past 12 months. The study … More

Cloud-based vulnerability management: Top vendors in the field

With an increasingly fast-paced threat landscape threatening even the most complex network security infrastructures, vulnerability management has become essential. Many vendors are offering cloud-based vulnerability management solutions; among the most prominent are: ImmuniWeb is an assessment service that combines managed vulnerability scanning with penetration testing performed in parallel by security auditors. Available both on-demand and as a continuous service, ImmuniWeb’s hybrid security testing approach detects the most complex vulnerabilities, which are detailed in a manually written assessment … More

Free tool helps organizations respond to vulnerability reports

HackerOne released a new tool designed to help organizations improve the way they respond to reports about vulnerabilities in their software. The Vulnerability Coordination Maturity Model (VCMM) was created as a guide that companies can use to learn what the best practices are for vulnerability response, measure how they compare to others, and take actions that will help them address issues before bad actors can exploit them. Anyone can assess their vulnerability coordination maturity by going … More