Security Alerts & News
by Tymoteusz A. Góral

History
#73 Secret SSH backdoor in Fortinet hardware found in more products
A recently identified backdoor in hardware sold by security company Fortinet has been found in several new products, many of which were running current software, the company warned this week. The undocumented account with a hard-coded password came to light last week when attack code exploiting the backdoor was posted online.
#72 PayPal Remote Code Execution Vulnerability
In December 2015, a critical vulnerability was found in one of PayPal's business websites (manager.paypal.com). It allowed arbitrary shell commands to be executed on PayPal web servers via unsafe Java object deserialization and allowed access to production databases. The bug was immediately reported to the PayPal security team and was quickly fixed.
#71 Skype Now Hides Your Internet Address
“Starting with this update to Skype and moving forward, your IP address will be kept hidden from Skype users,” Microsoft’s Skype team wrote in a blog post about the latest version, v. 7.0.18.109 for most users. “This measure will help prevent individuals from obtaining a Skype ID and resolving to an IP address.”
#70 Bug in Magento puts millions of e-commerce sites at risk of takeover
The stored cross-site scripting (XSS) bug is present in virtually all versions of Magento Community Edition and Enterprise Edition prior to 1.9.2.3 and 1.14.2.3, respectively, according to researchers from Sucuri, the website security firm that discovered and privately reported the vulnerability.
#69 Apple Can Still See Your iMessages If You Enable iCloud
It turns out the privacy benefits Apple likes to talk about (and the FBI likes to complain about) basically disappear when iCloud Backup is enabled. Your messages, photos and whatnot are still protected while on your device and encrypted end-to-end while in transit. But you're also telling your device to CC Apple on everything. Those copies are encrypted on iCloud using a key controlled by Apple, not you, allowing the company (and thus anyone who gets access to your account) to see their content.