-
JavaScript Attack Can Break ASLR
BleepingComputer has reported that security researchers discovered a new attack that can be carried out in nearly any browser just using JavaScript. Even with the protections & sandboxing of today’s modern browsers (like Google Chrome, Microsoft Edge, Opera, and Mozilla Firefox) it can break the address space layout randomization (ASLR) that most of today’s central […]
-
WordPress 4.7.2: Hidden Exploit Fix
The recently released version 4.7.2 of WordPress had an additional security fix which was not disclosed in the changelog when it was released. The issue? A privilege escalation / content injection bug in the REST API that allowed for the potential that anyone could edit any post. How? Part of the REST API had an […]
-
Release: WordPress 4.7.2
Last week WordPress released the second security update for version 4.7. There were 3 security issues fixed: the interface for assigning taxonomy terms in Press This was shown to users who did not have permission; an SQL injection vulnerability was patched in the WP_Query class to prevent poorly coded plugins and themes from falling victim (involving post types) […]
-
Browsers’ Interfaces Are Insecure
As browsers continue to add new features, many of them need to notify or request confirmation from the user. These notifications and dialogs are shown outside the browser interface and appear inside or over the top of the content window (considered to be untrusted since any content can be displayed by developers). This means that content developers […]
-
Release: PHP 7.0.15, 7.1.1, 5.6.30
PHP has released security updates for versions 7, 7.1, and 5.6. Since these are security releases it is HIGHLY recommended you update to them. I also heavily recommend you update to them as there are some odd bugs fixed in earlier versions for rare cases that could cause hangs or segfaults (crashes) in some cases […]
-
Release: WordPress 4.7.1
WordPress, the open-source blogging and CMS platform, has released version 4.7.1, a security update to version 4.7. The update fixes eight (8) major security issues as well as sixty-two (62) other various bugs found in 4.7. Remote code execution (RCE) in PHPMailer – No specific issue appears to affect WordPress or any of the major […]
-
Chrome Changes: Encryption Notification
Google Chrome version 56 (based on the open-source Chromium web browser) is scheduled to be released at the end of the month. One of the major user-level changes is how sites without encryption will appear. Until now there has just been a lowercase letter “i” with a circle around it — this was typically an indicator […]
-
Cloudflare Trips Over Leap Second
The domain name service (DNS) and security proxy provider Cloudflare appears to have tripped over the leap second at the end of 2016. The Go programming language that it uses to build its DNS server apparently returned a negative number for the date in some cases, which caused the random number generator to throw errors. […]
-
2016: Banner Year for Encryption
The Electronic Frontier Foundation (EFF) reported on the number of websites utilizing encryption (HTTPS) to secure the traffic between the browser and the web server. For the first time since the inception of the Internet, the majority (more than half) of internet traffic was encrypted! It did not matter the size: large and small websites […]
-
PHPMailer Vulnerability
A new Remote Code Execution (RCE) vulnerability was reported on Christmas, but details were only recently released. PHPMailer has already issued a patch (though they are not 100% confident in it), and WordPress (which uses PHPMailer) is considering issuing a security patch for current versions as well. The vulnerability allows the FROM address, when […]