Security Alerts & News
by Tymoteusz A. Góral

#793 Magento – unauthenticated remote code execution
The vulnerability (CVE-2016-4010) allows an attacker to execute PHP code on the vulnerable Magento server without authentication. This vulnerability actually consists of many small vulnerabilities, as described further in the blog post.

The vulnerability assumes that one of the RPC APIs (REST or SOAP) is enabled. As both are enabled by default, and one of them is actually required by the system, this assumption will not be a problem in the absolute majority of installations.
In this document I will use the SOAP API, as XML is more readable in this case.

This vulnerability works on both the Community Edition and Enterprise Edition of the system.
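The precondition above (at least one of the SOAP or REST APIs reachable) is the first thing to verify on a Magento host before worrying about the rest of the chain. The following checker is an added example written for this page; it is not code from the original blog post or from Magento. It assumes the Magento 2 URL layout in which the SOAP endpoint serves a WSDL for a named service and the REST endpoint serves a Swagger schema; the exact paths, the service name `customerAccountManagementV1`, and the sample responses are assumptions constructed for the example.

```python
"""Check whether a Magento host exposes its SOAP and REST web APIs.

Added example for this page, not code from the advisory or from Magento.
Endpoint paths below are assumed from the Magento 2 API layout.
"""
import json
import sys
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

WSDL_NS = "http://schemas.xmlsoap.org/wsdl/"

# Assumed URL layout: SOAP publishes a WSDL per named service, REST publishes
# a Swagger schema listing every route. Both are unauthenticated GETs.
SOAP_WSDL = "/soap/default?wsdl&services=customerAccountManagementV1"
REST_SCHEMA = "/rest/default/schema"


def probe_urls(base_url):
    """Build the two probe URLs for a shop base URL."""
    base = base_url.rstrip("/")
    return {"soap": base + SOAP_WSDL, "rest": base + REST_SCHEMA}


def classify_soap(status, body):
    """'exposed' if the body parses as a WSDL document, 'absent' on 404, else 'unknown'."""
    if status == 404:
        return "absent"
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return "unknown"
    return "exposed" if root.tag == "{%s}definitions" % WSDL_NS else "unknown"


def classify_rest(status, body):
    """'exposed' if the body is a Swagger/OpenAPI JSON document with routes."""
    if status == 404:
        return "absent"
    try:
        doc = json.loads(body)
    except ValueError:
        return "unknown"
    if isinstance(doc, dict) and ("swagger" in doc or "openapi" in doc) and doc.get("paths"):
        return "exposed"
    return "unknown"


def assess(soap_state, rest_state):
    """The advisory's precondition holds if either API is reachable."""
    return {
        "soap": soap_state,
        "rest": rest_state,
        "precondition_met": "exposed" in (soap_state, rest_state),
    }


def fetch(url, timeout=10):
    """GET a URL and return (status, body); HTTP error codes are returned, not raised."""
    req = urllib.request.Request(url, headers={"User-Agent": "magento-api-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


# Constructed sample responses so the classifiers can be exercised offline.
SAMPLE_WSDL = (
    '<definitions xmlns="http://schemas.xmlsoap.org/wsdl/" name="magento">'
    '<service name="customerAccountManagementV1"/></definitions>'
)
SAMPLE_SWAGGER = json.dumps({"swagger": "2.0", "paths": {"/V1/customers": {}}})


def main(argv):
    if len(argv) != 2:
        print("usage: magento_api_check.py https://shop.example")
        return 2
    urls = probe_urls(argv[1])
    result = assess(classify_soap(*fetch(urls["soap"])),
                    classify_rest(*fetch(urls["rest"])))
    print(json.dumps(result, indent=2))
    return 0 if result["precondition_met"] else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against a shop you are authorised to test; a non-zero exit means neither API answered with a schema, in which case the chain described in the post has no entry point, although a reverse proxy that blocks `/soap` and `/rest` only for the scanner's path would also produce that result, so treat "unknown" as inconclusive rather than safe.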