UPnP Pwnage and Hacked Journalists
This week is rife with security news. If you want the quick highlights, you've come to the right place. Today's video covers a few Yahoo XSS vulnerabilities, some serious UPnP security flaws, and the alleged China-based hack of the New York Times. Watch the video below for details. Also, if you are interested in some other stories I didn't … [Read more...]
Microsoft Mends SQL Server XSS Vulnerability
Severity: Medium
Summary:
These vulnerabilities affect: Most current versions of SQL Server
How an attacker exploits it: By enticing you to click a specially crafted link
Impact: An attacker can steal your web cookie, hijack your web session, or essentially take any action you could in the SQL Server Report Manager
What to do: Deploy the appropriate SQL Server updates as … [Read more...]
Four Updates Repair Office and Server Software Vulnerabilities
Severity: High
Summary:
These vulnerabilities affect: Microsoft Office related products, including Word, Works, SharePoint, InfoPath, Communicator, Lync, Groove, and more
How an attacker exploits them: Multiple vectors of attack, including enticing users to click specially crafted links, or to open specially crafted documents
Impact: In the worst case, an attacker can gain … [Read more...]
Tweet, Like and Poke Your Network into Disaster: The Dangers of Web 2.0 Apps
Besides writing security articles and making videos, I also present a lot for WatchGuard. Over the past few years, I've traveled all over the place giving talks on various security topics, both in person and virtually. Between researching the topics, writing the presentations, and then delivering them over and over again, I often feel like I've already "covered" a particular … [Read more...]
Adobe Flash Update Plugs Zero Day XSS Hole and Others
Summary:
This vulnerability affects: Adobe Flash Player 11.1.102.55 and earlier, running on all platforms. This also affects the Android version of Flash.
How an attacker exploits it: By enticing your users to visit a website containing malicious Flash content
Impact: In the worst case, an attacker can execute code on your computer, potentially gaining control of it
What … [Read more...]