Security Alerts & News
by Tymoteusz A. Góral

#125 Chromodo browser disables same-origin policy
Google researcher Tavis Ormandy has disclosed that the Chromodo browser installed with Comodo Internet Security disables the same-origin policy by default. The same-origin policy is a fundamental tenet of web security, ensuring that scripts access data from a second webpage only if the two pages have the same origin.
#124 eBay has no plans to fix “severe” bug that allows malware distribution
Using a highly specialized coding technique known as JSF*CK, hackers can work around this safeguard. The technique allows eBay users to insert JavaScript into their posts that will call a variety of different payloads that can be tailored to the specific browser and device of the visitor.
#123 WordPress update fixes SSRF, open redirect vulnerability
The update pushed out on Tuesday addresses two main issues. Until yesterday an attacker could have potentially carried out a server-side request forgery (SSRF) attack that could have made it appear that the server was sending certain requests, possibly bypassing access controls.
#122 Oracle expands UK cloud data center
Oracle is set to expand its UK cloud offering with the introduction of new Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS) software to be hosted in its Slough data center.
#121 ENISA Threat Landscape 2015
The report is the result of an analysis of cyber-threats that have been encountered in the last 12 months, that is, approximately between December 2014 and December 2015. ETL 2015 is the fourth in a series of reports issued yearly by ENISA. It provides an analysis of the state and the dynamics of the cyber-threat environment: the Cyber-Threat Landscape.
#120 Google lays bare security flaws in Malwarebytes (250 million users)
Malwarebytes says it could take three to four weeks to fix security flaws found by Google in its popular anti-malware product.
#119 eBay vulnerability exposes users to phishing, data theft
The vulnerability exists in the site’s online sales platform, according to Roman Zaikin, a researcher with Check Point. With it, an attacker could bypass the site’s code validation and execute malicious JavaScript on users via their browser, or mobile app, the firm warned Tuesday.
#118 New tool: Microsoft Policy Analyzer
Policy Analyzer is a utility for analyzing and comparing sets of Group Policy Objects (GPOs). It can highlight when a set of Group Policies has redundant settings or internal inconsistencies, and can highlight the differences between versions or sets of Group Policies. It can also compare GPOs against current local policy settings and against local registry settings. And you can export its findings to a Microsoft Excel spreadsheet.
#117 From Linux to Windows, new family of x-platform desktop backdoor discovered
The backdoor for Linux-based operating systems comes packed via UPX and is full of features to monitor the victim’s activities, including code to capture audio and take screenshots.