Security Alerts & News
by Tymoteusz A. Góral

History
#1169 CGI script vulnerability ‘Httpoxy’ allows man-in-the-middle attacks
An old scripting vulnerability that impacts a large number of Linux distributions and programing languages allows for man-in-the-middle attacks that could compromise web servers. The vulnerability, which affects many PHP and CGI web-apps, was revealed Monday in tandem with the release of a bevy patches from impacted companies and platforms.

Researchers at SaaS distributor VendHQ named the vulnerability Httpoxy. It affects server-side web applications that run in Common Gateway Interface (CGI) or CGI-like environments, such as some FastCGI configurations, along with programing languages PHP, Python, and Go.

“This is a very serious flaw, if you’re one of the few still reliant on CGI and PHP for generating web pages,” said Dominic Scheirlinck, principal engineer VendHQ, and one of several researchers from the firm that discovered Httpoxy. The vulnerability is rated as “medium” by the firm and is easily exploitable.
Read more
#1174 Apple fixes vulnerabilities across OSX, iOS, Safari
#1173 REPORT: Organizations must respond to increasing threat of ransomware
#1172 Google Chrome malware leads to sketchy Facebook likes
#1171 Nominations for Pwnie Awards 2016
#1170 Use Tor? Riffle promises to protect your privacy even better
#1169 CGI script vulnerability ‘Httpoxy’ allows man-in-the-middle attacks
#1168 Criminals plant banking malware where victims least expect it
#1167 Carbanak gang tied to Russian security firm?
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12