Tag Archive for: Vulnerability

PayPal patches potential payment-stealing vulnerability

An XSS hole could apparently have allowed a crook to pop up a realistic PayPal “pay page” and steal the victim’s card data. Paul Ducklin takes a look…
Naked Security – Sophos

US agency to seek consensus on divisive, volatile topic of security vulnerability disclosures

A U.S. agency hopes to gather security researchers, software vendors and other interested people to reach consensus on the sticky topic of how to disclose cybersecurity vulnerabilities.

Beginning in September, the U.S. National Telecommunications and Information Administration (NTIA) will host a series of meetings intended to improve collaboration among security researchers, software vendors and IT system operators on the disclosure of, and response to, vulnerabilities.

The first NTIA-hosted meeting will be Sept. 29 at the University of California, Berkeley, School of Law. Registration is open to all who want to participate, and the meeting will also be webcast, NTIA said.

Network World Security

Vulnerability in enterprise-managed iOS devices puts business data at risk

A vulnerability in the iOS sandbox for third-party applications, like those installed by companies on their employees’ devices, can expose sensitive configuration settings and credentials.

The flaw was discovered by researchers from mobile security firm Appthority and impacts apps deployed on iOS devices through mobile device management (MDM) or enterprise mobility management (EMM) products. These products allow administrators to automatically push applications, configuration settings and data access rules to enterprise mobile devices.

Before a new iOS device is brought inside the network of a company that uses a mobile management system, an MDM account is created for it and a client application is installed. The MDM client is used to install corporate apps and to enforce access policies for corporate data and email.

Network World Security