A study into the security of the Internet of Things has confirmed that the web interfaces for user administration of commercial, off-the-shelf embedded devices - routers, DSL/cable modems, VoIP phones, IP/CCTV cameras - represent a significant attack surface.
A new Imperva report highlights cyber criminals’ use of automation to increase both the magnitude and velocity of attacks designed to compromise users and steal sensitive data.
Among the vulnerabilities patched earlier this month by Microsoft is an important one that endangers users of Microsoft SharePoint 2013, a web application platform in the Microsoft Office server suite that combines a variety of capabilities (intranet, extranet, content management, document management, personal cloud, and so on). CVE-2015-2522 is a persistent cross-site scripting vulnerability that can be exploited by remote attackers, allowing them to do a lot of damage.
Bitdefender researchers have located a stored XSS vulnerability in PayPal that leaves the e-payment service open for hackers to upload maliciously crafted files, capable of performing attacks on registered users of the service.
Since Monday, security pros can add another XSS-finding tool to their arsenal, as Netflix has open sourced their cross-site scripting payload management framework dubbed "Sleepy Puppy." Sleepy Puppy is meant to address the biggest problem with identifying omnipresent XSS issues: finding them not only on targeted applications, but also on others that are not available to the tester, but whose presence ultimately also endangers users.