Security Alerts & News
by Tymoteusz A. Góral

#1476 Facebook page takeover – zero-day vulnerability
Insecure Direct Object References occur when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization and access resources in the system directly, for example database records or files.

Insecure Direct Object References allow attackers to bypass authorization and access resources directly by modifying the value of a parameter that points directly to an object. Such resources can be database entries belonging to other users, files in the system, and more. The cause is that the application takes user-supplied input and uses it to retrieve an object without performing sufficient authorization checks.
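
The missing check described above, shown beside its corrected form. This is an added example, not code from the article or from any affected product; the invoice records, user ids and function names are constructed for illustration.

```python
# Added example: constructed data and hypothetical function names.
from dataclasses import dataclass


class NotFound(Exception):
    """Raised for both missing and unauthorized objects (no existence oracle)."""


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner_id: int
    body: str


# Constructed sample records standing in for database rows.
INVOICES = {
    1001: Invoice(1001, owner_id=7, body="alice: 120 EUR"),
    1002: Invoice(1002, owner_id=8, body="bob: 990 EUR"),
}


def get_invoice_vulnerable(session_user_id: int, invoice_id: int) -> Invoice:
    # Vulnerable: the caller is authenticated, but the user-supplied id is
    # used to fetch the object with no check that the caller may see it.
    try:
        return INVOICES[invoice_id]
    except KeyError:
        raise NotFound(invoice_id) from None


def get_invoice_checked(session_user_id: int, invoice_id: int) -> Invoice:
    # Hardened: authorization is evaluated against the object itself, using
    # the identity from the server-side session, never a request parameter.
    invoice = INVOICES.get(invoice_id)
    if invoice is None or invoice.owner_id != session_user_id:
        raise NotFound(invoice_id)
    return invoice


def can_read(fetch, session_user_id: int, invoice_id: int) -> bool:
    """Return True if `fetch` hands the record to this user."""
    try:
        fetch(session_user_id, invoice_id)
        return True
    except NotFound:
        return False
```

The hardened lookup returns the same error for a record that does not exist and a record owned by someone else, so the response does not confirm which identifiers are valid.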
#1476 Facebook page takeover – zero-day vulnerability
#1475 Blizzard hit with DDoS attack disrupting play for gamers
#1474 IKEv1 information disclosure vulnerability in multiple Cisco products
#1473 Mozilla plans Firefox fix for same malware vulnerability that bit Tor
#1472 ORWL PC: The most secure home computer ever
#1471 Structure Security: How much security can you automate?