Security Alerts & News
by Tymoteusz A. Góral

#2083 Product Security Advisory – PSA0002 – dnaLIMS
Shorebreak Security penetration testers discovered seven serious vulnerabilities in the dnaLIMS web application during the course of a blackbox penetration test for a customer. This was by no means a comprehensive review of the web application, and it should be assumed that many other vulnerabilities exist in the application.

Shorebreak notified the vendor, who appears to have no interest in fixing his flawed software that is in use on the Internet at several other organizations.

Our recommendation is to isolate this web application as much as possible to reduce the exposure – most definitely remove it from the Internet.
#2093 Aggressive ad-displaying Google Play app tricks users into leaving high ratings
#2092 Facebook Lite infected with spy FakePlay
#2091 Cisco and Apache issue warnings over 0day flaw being targeted in the wild
#2090 Emsisoft releases a decryptor for the CryptON ransomware
#2089 Another challenge for IoT: Open backdoors
#2088 Apple has already fixed most of the iOS exploits the CIA used
#2087 Leaked docs suggest NSA and CIA behind Equation cyberespionage group
#2086 Vault 7: WikiLeaks docs hint CIA could bypass 21 security products
#2085 China mulls national cryptocurrency in race to digital money
#2084 After CIA leaks, tech giants scramble to patch security flaws