Recently, security researcher Matthew Bryant discovered a blind cross-site scripting (BXSS) vulnerability in GoDaddy’s customer support portal —that is the portal accessible only to GoDaddy customer service representatives, not customers. New post: Poisoning the Well – Compromising GoDaddy Customer Support With Blind XSS – https://t.co/uEJWPU8Y4O —…
In the headlines: ImageMagick vulnerability, HIV patient data leak, Brazilian WhatsApp suspension and more
ImageMagick vulnerability being exploited in the wild Following its reveal last week, hackers are leaping on the ImageMagick vulnerability, which could allow an attacker to execute code on servers using the the vulnerable library frequently used to crop or resize images. ImageMagick is a popular…
PCI-DSS 3.2 released – Summary of Changes
The new version of PCI-DSS 3.2 has just been released, so having been through it with a fine toothcomb here are the most noteworthy changes, additions and clarifications, in the order in which they appear in the report. This new standard 3.2 is due to…
JBoss Ransomware Vulnerability Attacks
In recent weeks there have been multiple reports regarding a ransomware campaign, known as SamSam, targeting vulnerable JBoss (now known as WildFly) application servers. An official report released by Cisco Talos states that there have been approximately 3.2 million machines hosting the vulnerable versions of…
In the headlines: UK surveillance policies leak; DDoS attacks; Australia’s Cyber Security Strategy; Facebook hack, and more
UK surveillance policies leaked online UK privacy campaigners Privacy International have managed to get their hands on, and subsequently have released a set of UK surveillance policies. What these policies reveal are the extent to which government agencies such as MI5 and GCHQ have access…
Mitigating extension vulnerabilities in template-based applications
There are over 43,900 official plugins available for WordPress, another 6,200 for Joomla! and 33,700 for Drupal, not to mention the countless other platforms that are freely and easily accessible. The plugins’ abilities range from adding photos for a personal website to complex development collaboration…
In the headlines: UK military cyber defense centre, WordPress and Joomla applications, Magnitude Exploit kit and more
UK establishes £40m military cyber defense centre With the huge proposals and funding pumped into cyber security by the US government lately, there was no doubt the UK would soon be following suit. Plans were unveiled last week for a £40m Cyber Security Operations Centre,…
Nesta report offers a rose tinted insight into the potential for digitising local UK government
A refreshingly progressive report was published in the UK recently, by Nesta, titled ‘Connected Councils: A Digital Vision of Local Government in 2025’. We say refreshing because this is not a doom and gloom report about how corporations are failing to tackle cyber security and…
Panama Papers; was the biggest breach in history caused by a simple vulnerability?
Europe is currently caught up in a political furore surrounding the leak of the ‘Panama Papers’, which basically has leaked the names of those using the offshore tax haven. Among the names to surface have included the Icelandic prime minister, who has since resigned and…