The news broke throughout the WordPress community earlier Sunday morning when Google blacklisted over 11,000 domains due to the latest malware campaign, that has been brought by, thus being dubbed the ‘SoakSoak Malware’ epidemic. The users of WordPress, a free and open source blogging tool as well as content management system (CMS), are being informed of a widespread malware attack campaign that has already compromised more than 100,000 websites worldwide and still counting.

WordPress Malware Compromises Over 100,000 Sites So Far.

“Verizon’s (corporate) security group seemed to immediately realize the impact of this vulnerability and took it very seriously,” Westergren said. Verizon rewarded Westergren with a year’s worth of free internet. The problem has been fixed by the telecom giant, so there is no need for users to worry about it.

“My last test was sending an outgoing message as another user also successful,” Westergren wrote. “It was my suspicion that all of the API methods for this widget within the app were vulnerable. Substituting the uid with the username of another email account indeed returned the contents of their inbox.”

According to the security researcher, the vulnerability even allowed attackers to send email messages from victims’ accounts, and he found and exploited further vulnerable API calls. “Altering the uid parameter and specifying another username shouldn’t have an effect, since I’m logged in and my session is maintained through my cookies,” Westergren wrote in an advisory. The FiOS API flaw, actually contained in the application’s API, allowed any account to be accessed by manipulating user identification numbers in web requests, giving attackers the ability to read individual messages from a person’s Verizon inbox.

One after another, three serious zero-day vulnerabilities in Windows 7 and 8.1 were disclosed by Google’s security team before Microsoft planned to patch them.
Microsoft could learn a lot more from Verizon, as Microsoft wasn’t able to fix the security flaws in its software reported by Google’s Project Zero team even after the three-month period provided to the company. That’s precisely how it should be done - quickly and efficiently. The telecom giant acknowledged the researcher’s notification the same day and issued a fix on Friday, just two days after the vulnerability was disclosed. Westergren took time to put together a proof-of-concept showing serious cause for concern, and then reported it to Verizon.

The issue was discovered while analyzing traffic generated by the Android version of My FiOS, which is used for account management, email and scheduling video recordings. The FiOS API flaw was discovered by XDA senior software developer Randy Westergren on January 14, 2015, when he found that it was possible to not only read the contents of other users’ inboxes, but also send messages on their behalf.

Verizon FiOS app vulnerability Exposes 5 MILLION Customers’ Email Addresses

A critical vulnerability discovered in Verizon’s FiOS mobile application allowed an attacker to access the email account of any Verizon customer with relative ease, leaving almost five million user accounts of Verizon’s FiOS application at risk.