Category Archives: Vulnerability Assessment

SAP Fixes Vulnerabilities in Internet Graphics Server

SAP released its set of security fixes this week to address more than a dozen bugs across its product portfolio, including about four vulnerabilities in Internet Graphics Server. The company released nine new Security Notes as part of the SAP Security Patch Day, in addition to Support Package Notes and updates to previously released notes, for a total of sixteen notes released since the previous Patch Day.

Disclosed Drupal Flaws Become Target of Widespread Attacks

High-severity flaws in Drupal that were disclosed last month have now become the target of widespread attacks by a malware campaign. Troy Mursch, a researcher at Bad Packets, has reported hundreds of compromised Drupal websites being used to host “cryptojacking” malware that uses people's CPUs to mine cryptocurrency via CoinHive.

Uber Constricts Bug Bounty Threats Policies

Last week, Uber updated the legal terms and conditions of its bug bounty program and provided guidance for good-faith vulnerability research. The changes come just months after the ride-sharing giant admitted paying a couple of people as part of an effort to conceal a huge security incident. Uber says that it has addressed about 200 bugs, for which it has awarded more than $290,000 since August 2017, bringing the total amount paid out by the firm since the launch of its bug bounty program to over $1.4 million.

13-Year-Old Configuration Vulnerability Affects Most SAP Deployments

Onapsis warns that most SAP implementations continue to be affected by a security configuration vulnerability originally documented in 2005. Neglected security configurations and accidental configuration drift in previously secured systems leave SAP implementations vulnerable despite the release of several Security Notes intended to address the issues.

Drupal Fixes Serious New Flaw Related to Drupalgeddon2

The Drupal developers have released updates for versions 7 and 8 of the content management system to address a new flaw related to the recently fixed vulnerability called Drupalgeddon2. The new flaw, tracked as CVE-2018-7602, has been described as an extremely serious issue that can be exploited for remote code execution. The vulnerability has been fixed with the release of versions 7.59, 8.4.8 and 8.5.3.

LinkedIn Flaw Permitted User Data To Be Stolen

LinkedIn recently fixed a flaw that could have been exploited by malicious websites to steal data from its users' profiles, including private information. The vulnerability affected the AutoFill feature, which lets websites offer users the option to quickly fill out forms with data from their LinkedIn profile. Users simply click the AutoFill button on a webpage containing a form, and some of the fields are pre-populated with data available from their LinkedIn profile.

Drupal Websites Targeted With Backdoors, Miners in Drupalgeddon2 Attacks

The recently fixed Drupal flaw tracked as CVE-2018-7600 and dubbed Drupalgeddon2 has been exploited in the wild to deliver backdoors, cryptocurrency miners and other types of malware. While much of the online activity targeting CVE-2018-7600 still appears to consist of scanning, meaning attempts to identify vulnerable systems, cybercriminals have also been exploiting the vulnerability to install malware.

SAP Fixes Harmful Vulnerabilities in Business Client

SAP released its set of security fixes this week, which include patches for serious flaws in web browser controls shipped with SAP Business Client. The most significant of the Security Notes addresses numerous flaws in the web browser controls used to display pages in SAP Business Client 6.5 PL5. The flaws affect browser controls for Microsoft’s Internet Explorer and the open source Chromium.
