Security Alerts & News
by Tymoteusz A. Góral

History
#1918 XSS on WebEx domains undoes previous fixes to Cisco WebEx Chrome extension
At the start of this week, Google Project Zero security researcher Tavis Ormandy made public his discovery of a remote code execution vulnerability within Cisco's WebEx extension for Chrome.

In his comments on Cisco's patches, which whitelisted code execution on the webex.com domain and prompted the user on other domains, Ormandy sagely warned of the situation the networking giant had to address later in the week.

"I think we will consider this issue fixed now. Hopefully, webex.com is well maintained and not full of XSS," he said.
Read more
#1922 Ransomware app hosted in Google Play infects unsuspecting Android user
#1921 Breach notification website LeakedSource allegedly raided
#1920 Now there’s a better way to prevent Facebook account takeovers
#1919 Gmail will block JS attachments for security reasons starting February 13
#1918 XSS on WebEx domains undoes previous fixes to Cisco WebEx Chrome extension
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12