Patch Day, P.F. Chang's Hack, and TweetDeck XSS

This week delivered a lot of infosec news and a ton of software security updates. If you didn't have time to follow it all, check out our weekly computer security video to fill in the blanks. During today's episode, I cover the critical patches from Microsoft, Adobe and Mozilla, mention the latest credit card breach against a U.S. …
Fireware XTM 11.8.3 Update Corrects XSS Flaw
Overall Severity: Medium
Summary:
This vulnerability affects: WatchGuard Fireware XTM 11.8.1 and earlier
How an attacker exploits it: Either by enticing an XTM administrator into clicking a specially crafted link or by directly interacting with the appliance's web management UI (requires authentication)
Impact: An attacker can execute script in the context of the XTM …
WatchGuard's XTM 11.8 Software Fixes Buffer Overflow & XSS Vulnerabilities
Overall Severity: High
Summary:
These vulnerabilities affect: WatchGuard WSM and Fireware XTM 11.7.4 and earlier
How an attacker exploits them: Either by enticing an XTM administrator into clicking a specially crafted link or by visiting the appliance's web management UI with a malicious cookie
Impact: In the worst case, an attacker can execute code on the XTM …
IceFog APT – WSWiR Episode 79
Fake Fingerprints, IOS DoS Flaws, and IceFog APT

Are you ready for the latest InfoSec news? This week, I'm traveling in the Windy City of Chicago, speaking at ISC²'s Security Congress Conference. As a result, I did not have time to create a full-length video, but fear not. My short video quickly summarizes the five big security stories, and I'll share a few more written …
Hidden Lynx – WSWiR Episode 78
NASDAQ Vulnerabilities, NASA Defacement, and Hidden Lynx

It's that time again, when I summarize the biggest information security (Infosec) news into a short video. If you'd like to get a quick take on what's going on in the computer security industry, this is the show for you. This week's episode includes a quick note on the latest software updates, a story about NASDAQ's …