Security Alerts & News
by Tymoteusz A. Góral

History
#1660 Critical vulnerabilities pose a serious threat to Joomla sites
Joomla, the world’s second most popular web content management system (CMS), has been under sustained attack for several days, thanks to a nasty pair of vulnerabilities disclosed last week.

Security announcements 20161001 (CVE-2016-8870) and 20161002 (CVE-2016-8869) describe how flaws in Joomla’s user registration code could allow an attacker to “register on a site when registration has been disabled” and then “register … with elevated privileges”.

If the significance of those two statements hasn’t entirely sunk in, let me make it plain: taken together, the vulnerabilities can be used to unlock any site running Joomla, anywhere on the internet, with little more than a polite request detailing what you’d like to be called and how much power you want.
#1660 Critical vulnerabilities pose a serious threat to Joomla sites
#1659 Web Bluetooth API privacy
#1658 Security update patches 13 Android vulnerabilities discovered by Trend Micro
#1657 AtomBombing: A code injection that bypasses current security solutions
#1656 Killing Mirai: Active defense against an IoT botnet
#1655 Google joins Mozilla and Apple in distrusting WoSign certificates
#1654 Kaspersky DDOS intelligence report for Q3 2016
#1653 Your home’s online gadgets could be hacked by ultrasound
#1652 Bug bounty hunter launches accidental DDoS attack on 911 systems via iOS bug
#1651 Google identified major vulnerability in Apple’s OS and iOS cores
#1650 How security flaws work: SQL injection
#1649 New, more-powerful IoT botnet infects 3,500 devices in 5 days
#1648 Microsoft says Russian APT group behind zero-day attacks
#1647 Firefox disables loophole that allows sites to track users via battery status
#1646 Phony Android Flash player installs banking malware