In-app browser security risks, and what to do about them


In-app browsers can pose significant security risks to businesses, with their tendency to track data a primary concern. This was highlighted in recent research which examined how browsers within apps like Facebook, Instagram and TikTok can be a data privacy risk for iOS users. Researcher Felix Krause detailed how popular in-app browsers inject JavaScript code into third-party websites, granting host apps the ability to track certain interactions, including form inputs like passwords and addresses along with image/link clicks.


The Heartbleed bug: How a flaw in OpenSSL caused a security crisis


What is Heartbleed?

Heartbleed is a vulnerability in OpenSSL that came to light in April of 2014; it was present on thousands of web servers, including those running major sites like Yahoo.

OpenSSL is an open source code library that implements the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. The vulnerability meant that a malicious user could easily trick a vulnerable web server into sending sensitive information, including usernames and passwords.

The TLS/SSL standards are crucial for modern web encryption, and while the flaw was in the OpenSSL implementation rather than the standards themselves, OpenSSL is so widely used—when the bug was made public, it affected 17% of all SSL servers—that it precipitated a security crisis.


123ADV-001: Stack Buffer Overflow in Lotus 1-2-3 R3 for UNIX/Linux


Posted by Tavis Ormandy on Sep 05

# About

The 123 command is a spreadsheet application for UNIX-based systems that
can be used in interactive mode to create and modify financial and
scientific models.

For more information, see https://123r3.net

# Advisory

A stack buffer overflow was reported in the cell format processing
routines. If a victim opens an untrusted malicious worksheet, code
execution could occur.

There have been no reports of this vulnerability being exploited…
