vulnerability
XSS bug allows Amazon account hijacking
A recurring XSS bug in Amazon’s Kindle Library, i.e. the “Manage your Kindle” web application, can be exploited by attackers looking to hijack users’ …
Google Apps scripts can be easily misused by scammers
Andrew Cantino, VP of Engineering at Mavenlink but also a bug hunter in his free time, has discovered that Google Apps Scripts can be misused by attackers to access …
DARPA is after vulnerabilities in algorithms implemented in software
The Defense Advanced Research Projects Agency (DARPA) is looking for new program analysis techniques and tools to enable analysts to identify vulnerabilities in algorithms …
Blackphone security issues and vulnerabilities unveiled
Blackphone, the carrier- and vendor-independent smartphone that was created with the goal of placing privacy and control directly in the hands of its users, is not without its …
Researchers compile list of Android apps that allow MitM attacks
Around 350 Android apps that can be downloaded from Google Play and Amazon stores fail to properly validate SSL certificates for HTTPS connections, and thus open users to …
Coursera privacy issues exposed
When well-known lawyer and Stanford law lecturer Jonathan Mayer was invited to teach a course on government surveillance on Coursera, the popular online website offering free …
Lessons learned from running 95 bug bounty programs
Large companies such as Google and Facebook have dedicated teams that review bug submissions, verify valid bugs and reward security researchers, but that can be time and …
A closer look at Acunetix Web Vulnerability Scanner
Acunetix Web Vulnerability Scanner automatically checks your web applications for SQL Injection, XSS and other web vulnerabilities. Features: AcuSensor Technology SQL …
70% of finance apps vulnerable to input validation attacks
A growing number of data breaches and security incidents can be directly linked to poor code quality, according to CAST. The data reveals finance and retail industry …
Facebook to fix flaw that can force iPhones to make calls
Facebook will soon be pushing out an update to its iOS Messenger app meant to patch a vulnerability that could allow attackers to place pricy calls from users’ phones by …
Researchers exploit flaw to tie Secret users to their secrets
The secrets you share on Secret, the popular app that allows people to share messages anonymously within their circle of friends, friends of friends, and publicly, can be …
Critical Delphi and C++Builder VCL library bug found
A buffer overflow vulnerability that could be exploited to execute malicious code has been discovered in the Visual Component Library (VCL) library of Embarcadero’s …