Unpatched SQLi vulnerability in SmartVista e-commerce suite

Companies using SmartVista, the popular e-commerce/payment management product suite developed by Swiss company BPC Banking Technologies, are urged to limit access to its management interface. That’s because Rapid7 researcher Aaron Herndon found a SQL injection vulnerability in it, and BPC has shown no indication that it’s going to fix it.

About the vulnerability

According to Rapid7’s findings, the issues affect the “Transactions” interface of SmartVista Front-End (SVFE), version 2.2.10, revision 287921. “Users with access …

Vendor BPC Banking Silent on Patching SQL Injection in SmartVista Ecommerce Software

A popular ecommerce platform sold in 60 countries suffers from a SQL injection vulnerability privately disclosed in April that has yet to be patched by the vendor.

Rapid7 Nexpose Community Edition – Free Vulnerability Scanner

Rapid7 Nexpose Community Edition is a free vulnerability scanner & security risk intelligence solution designed to help organizations with large networks prioritize and manage risk effectively.

It proactively supports the entire vulnerability management lifecycle, including discovery, detection, verification, risk classification, impact analysis, reporting and mitigation.

Nexpose Community Edition Features

Data breaches are growing at an alarming rate. Your attack surface is constantly changing, the adversary is becoming more nimble than your security teams, and your board wants to know what you are doing about it.

Read the rest of Rapid7 Nexpose Community Edition – Free Vulnerability Scanner now! Only available at Darknet.

U.S. Copyright Office seeks changes to anti-piracy law derided by white-hat hackers

The U.S. Copyright Office is calling for wide-ranging reforms of an anti-piracy law that critics say restricts the “right to tinker” and puts white-hat cybersecurity researchers in legal jeopardy. In a little-noticed report published last week, the office questions the “overall operation and effectiveness” of Section 1201 of the Digital Millennium Copyright Act, or DMCA. The section makes it a federal crime to circumvent or get around special “technological protection measures,” designed to prevent piracy of digital products. The law was designed to protect movies, recorded music or books from endless duplication and distribution online. Critics of the section say that — because so many things now include software, and most has some form of anti-piracy protection — it’s effectively illegal to repair, tinker with or even look for security flaws in almost any kind of “smart” or connected product, despite an exemption under the law for security testing. “The current exemption includes a requirement that security researchers obtain prior permission” for any […]

The post U.S. Copyright Office seeks changes to anti-piracy law derided by white-hat hackers appeared first on Cyberscoop.
