Severe and unpatched eBay vulnerability allows attackers to distribute malware

Check Point researchers have discovered a severe vulnerability in eBay’s online sales platform, which allows criminals to distribute malware and run phishing campaigns. This vulnerability allows attackers to bypass eBay’s code validation and control the vulnerable code remotely, to execute malicious JavaScript code on targeted eBay users. If this flaw is left unpatched, eBay users will continue to be exposed to potential phishing attacks and data theft. Details: An attacker can target eBay users by … More

86% of PHP-based apps contain at least one XSS vulnerability

Four out of five applications written in PHP, Classic ASP and ColdFusion that were assessed by Veracode failed at least one of the OWASP Top 10. Given the volume of PHP applications developed for the top three content management systems – WordPress, Drupal and Joomla, which represent more than 70 percent of all CMSs in use today – these findings raise concern over potential security vulnerabilities in millions of websites. Analytics show that 86 percent of … More

Threat and vulnerability management market revenue to reach $5.3 billion

Data trends show that the global threat and vulnerability management (VM) market is expected to grow from US$5.3 billion in 2015 to $8.6 billion in 2020, according to ABI Research. “Each day, organizations are deluged with warnings about newly discovered security vulnerabilities,” says Monolina Sen, Senior Analyst in Digital Security at ABI Research. “While well-known security flaws, such as Heartbleed, affected industries globally, lesser-known vulnerabilities have just as much impact on critical systems in a particular … More

The value in vulnerability management platforms

A study conducted by Forrester Consulting assessed IT decision makers’ satisfaction with their current vulnerability management platforms and the challenges companies face in securing their cloud environments against exposure. In the study, IT professionals cited lack of visibility into their network and aging firewall systems as the top two factors for an increased presence of vulnerabilities in their environment. Thirty-seven percent of respondents estimated that their firm’s sensitive data was breached in the past 12 months. The study … More

Cloud-based vulnerability management: Top vendors in the field

With an increasingly fast-paced threat landscape threatening even the most complex network security infrastructures, vulnerability management has become essential. Many vendors are offering cloud-based vulnerability management solutions; among the most prominent are: ImmuniWeb is an assessment service that combines managed vulnerability scanning with penetration testing performed in parallel by security auditors. Available both on-demand and as a continuous service, ImmuniWeb’s hybrid security testing approach detects the most complex vulnerabilities, which are detailed in a manually written assessment … More

Free tool helps organizations respond to vulnerability reports

HackerOne released a new tool designed to help organizations improve the way they respond to reports about vulnerabilities in their software. The Vulnerability Coordination Maturity Model (VCMM) was created as a guide that companies can use to learn what the best practices are for vulnerability response, measure how they compare to others, and take actions that will help them address issues before bad actors can exploit them. Anyone can assess their vulnerability coordination maturity by going … More

Critical Bugzilla flaw allows access to unpatched vulnerability information

Mozilla has patched a critical vulnerability (CVE-2015-4499) in Bugzilla, its popular open source bug-tracking software – a vulnerability that can be exploited by attackers to gain access to information about a project’s still unpatched flaws. “The discovered vulnerability allows an attacker to obtain permissions on a Bugzilla service they would not otherwise receive. This is achieved by tricking the system into believing that the attacker is part of a privileged domain, causing the system to grant … More

Vulnerability management embraces new functions

Vulnerability management (VM) solution providers have always held their own in the global network security domain. VM technologies scan network endpoints such as desktops and mobile devices against a library of known bad binaries and configuration errors to reduce the attack surface. As contemporary cyber defense infrastructure evolves into a multi-layered network, VM vendors are broadening their horizons to offer a plethora of technologies as value-added services. New analysis from Frost & Sullivan finds that the market … More

PayPal stored XSS vulnerability exposed

Bitdefender researchers have located a stored XSS vulnerability in PayPal that leaves the e-payment service open for hackers to upload maliciously crafted files, capable of performing attacks on registered users of the service. The vulnerability can be used to deliver harmful files or content that enable a wide range of attacks on users to take place. PayPal’s issue lies in the way it processes and encrypts URLs that transport uploaded files. The proof-of-concept uses an HTML-formatted XML … More

JetAudio and JetVideo media player vulnerability allows arbitrary code execution

An arbitrary code execution vulnerability in the JetAudio Basic (v8.1.3) and JetVideo media players for Windows allows potential attackers to craft a malicious .asf file that could compromise a user’s PC, warns Bitdefender. The JetAudio Basic and JetVideo software applications enable playback of commonly used audio and video files on Windows. When the JXVidInfo.dll file parses the ASF file’s codec entries, playing a movie or watching a video could have serious repercussions. Once the DLL file is parsed, … More