WordPress Comment Rating plugin CSRF vulnerability
A vulnerability has been reported in the Comment Rating plugin for WordPress, which can be exploited by malicious people to conduct cross-site request forgery attacks, …
vulnerability
CORE IMPACT Pro 11 now detects and exploits network router vulnerabilities
Core Security Technologies introduced the latest version of its automated penetration testing solution, CORE IMPACT Pro 11. CORE IMPACT Pro enables users to conduct real-world …
Security Factsheets: A new look at vulnerability data
Secunia today announced their Security Factsheets, designed for those who are interested in understanding the historical development of advisories and vulnerabilities in …
Most businesses vulnerable to cache poisoning attacks
While DNSSEC adoption percentages appear to have increased dramatically by 340 percent this year, the actual number of zones that have been signed is very small: .02 percent, …
McAfee’s Secure Short URL Service not so secure
When the people at McAfee decided to launch its own URL-shortening service (mcaf.ee), they touted it as “secure” – meaning, that it would guarantee that the …
Behavior of Safari on the iPhone could benefit scammers
A behavior of the Safari browser on the iPhone could be used by phishers and scammers to fool users into believing they have landed on a legitimate site, says Nitesh Dhanjani. …
Canon image originality verification proven useless
ElcomSoft discovered vulnerability in Canon’s Original Data Security System, a validation system to guarantee authenticity of digital images captured with supported …
Android browser flaw allows attackers to access user data
A vulnerability in the Android browser that could allow attackers to download files stored on the mobile device’s or tablet’s SD card has been discovered by …
Week in review: Online shopping safety, malware hybrids and Packet Wars
Here’s an overview of some of last week’s most interesting news, articles and reviews: Google Apps Script API flaw allowed attacker to impersonate Google Details …
Google Apps Script API flaw allowed attacker to impersonate Google
Details about a recently discovered and exploited vulnerability that allowed a 21-year-old Armenian hacker to harvest GMail addresses and send to their owners a message coming …
Google Chrome tops “Dirty Dozen” apps list
Bit9 unveiled its report of the top applications with reported security vulnerabilities in 2010. Google Chrome placed first on the “Dirty Dozen” list, followed by …
OpenSSL remote code execution patched
New, patched versions of the OpenSSL server have been released on Tuesday in order to close down a hole that could allow attackers to execute a DoS attack and remote arbitrary …