Author Archives: Michael Mimoso

Vendor BPC Banking Silent on Patching SQL Injection in SmartVista Ecommerce Software

Posted on October 11, 2017 by Michael Mimoso

A popular ecommerce platform sold in 60 countries suffers from a SQL injection vulnerability privately disclosed in April that has yet to be patched by the vendor. Continue reading Vendor BPC Banking Silent on Patching SQL Injection in SmartVista Ecommerce Software→

RubyGems Patches Remote Code Execution Vulnerability

Posted on October 11, 2017 by Michael Mimoso

RubyGems patched an unsafe object deserialization vulnerability this week that could have allowed attackers to remotely execute code on vulnerable systems. Continue reading RubyGems Patches Remote Code Execution Vulnerability→

Internal Accenture Data, Customer Information Exposed in Public Amazon S3 Bucket

Posted on October 10, 2017 by Michael Mimoso

Global consulting firm Accenture is the latest giant organization leaving sensitive internal and customer data exposed in a publicly available Amazon Web Services S3 storage bucket. Continue reading Internal Accenture Data, Customer Information Exposed in Public Amazon S3 Bucket→

Microsoft Patches Critical Windows DNS Client Vulnerabilities

Posted on October 10, 2017 by Michael Mimoso

Microsoft patched three memory corruption vulnerabilities in the Windows DNS client that could be abused by a man-in-the-middle attacker to run arbitrary code. Continue reading Microsoft Patches Critical Windows DNS Client Vulnerabilities→

Security Industry Failing to Establish Trust

Posted on October 6, 2017 by Michael Mimoso

During the Virus Bulletin closing keynote, Brian Honan urged the security industry to share more, victim-shame less and work harder to establish trust. Continue reading Security Industry Failing to Establish Trust→

Emergency Apple Patch Fixes High Sierra Password Hint Leak

Posted on October 6, 2017 by Michael Mimoso

Apple rushed out an emergency patch that fixed an bug in High Sierra that revealed APFS volume passwords via the password hint feature. Continue reading Emergency Apple Patch Fixes High Sierra Password Hint Leak→

Latin American ATM Thieves Turning to Hacking

Posted on October 5, 2017 by Michael Mimoso

Thieves in Latin American countries are turning to Eastern European hackers to build ATM malware from scratch, according to a Virus Bulletin talk by researchers at Kaspersky Lab. Continue reading Latin American ATM Thieves Turning to Hacking→

Inside the CCleaner Backdoor Attack

Posted on October 5, 2017 by Michael Mimoso

Two members of Avast’s threat intelligence team shared new information about the CCleaner backdoor attack. Continue reading Inside the CCleaner Backdoor Attack→

Experts Have Sobering Message on Human Rights, Privacy for Security Pros

Posted on October 4, 2017 by Michael Mimoso

Speakers at Virus Bulletin painted grim pictures of the threats to physical safety and civil liberties posed by commercial spyware and high-end surveillance software often sold to governments. Continue reading Experts Have Sobering Message on Human Rights, Privacy for Security Pros→

Cloudflare CTO Goes Inside the Cloudbleed Bug

Posted on October 4, 2017 by Michael Mimoso

Cloudflare’s chief technology officer was frank and apologetic about February’s Cloudbleed bug during today’s Virus Bulletin 2017 keynote. Continue reading Cloudflare CTO Goes Inside the Cloudbleed Bug→