Home Tags Hypertext Transfer Protocol (HTTP)

Tag: Hypertext Transfer Protocol (HTTP)

Phishing scum going legit to beat browser warnings

Now that Chrome and Firefox call out HTTP, phisherpholk are getting certified Browser-makers' decision to put big red warning lights in the faces of users when they hit sites too slack to use HTTPS is backfiring a little, as crooks are accelerating their use of encryption.…

Ztorg: money for infecting your smartphone

This research started when we discovered an infected Pokeacute;mon GO guide in Google Play. We detected the malware as Trojan.AndroidOS.Ztorg.ad.

After some searching, I found some other similar infected apps that were being distributed from the Google Play Store.

After I started tracking these infected apps, two things struck me – how rapidly they became popular and the comments in the user review sections.

Vanilla Forums has a plain-flavoured zero-day

PHPMailer bug leads to remote code execution via HTTP The popular Vanilla Forums software needs patching against a remote code execution zero-day first reported to the developers in December 2016.…

DDOS attacks in Q1 2017

Although the first quarter of 2017 was rather quiet compared to the previous reporting period, there were a few interesting developments.

Despite the growing popularity of IoT botnets, Windows-based bots accounted for 59.81% of all attacks. Meanwhile, complex attacks that can only be repelled with sophisticated protection mechanisms are becoming more frequent.

VU#556600: Space Coast Credit Union SCCU Mobile for Android and iPhone...

Space Coast Credit Union SCCU Mobile for Android,version 2.1.0.1104 and earlier,and for iOS,version 2.2 and earlier,fails to properly validate SSL certificates provided by HTTPS connections,which may enable an attacker to conduct man-in-the-middle(MITM)attacks.

VU#276408: Think Mutual Bank Mobile Banking App for iPhone fails to...

Think Mutual Bank mobile banking app for iOS,version 3.1.5 and earlier,fails to properly validate SSL certificates provided by HTTPS connections,which may enable an attacker to conduct man-in-the-middle(MITM)attacks.

VU#491375: Intel Active Management Technology (AMT) does not properly enforce access...

Technologies based on Intel Active Management Technology may be vulnerable to remote privilege escalation,which may allow a remote,unauthenticated attacker to execute arbitrary code on the system.

Google Chrome to Mark More HTTP Pages as Insecure Later This...

HTTP pages that accept any kind of user data will be marked as "Not secure" starting in October, the company says.

Google tightens noose on HTTP: Chrome to stick ‘Not secure’ on...

In October, Google will begin phase two of its plan to label all HTTP pages as non-secure.

Chrome to Mark More HTTP Pages ‘Not Secure’

Starting with Chrome 62, Google will start marking any HTTP page where users may enter data, and any HTTP page visited in incognito mode

IDG Contributor Network: My two cents on using the IHttpActionResult interface...

Microsoft's WebAPI has for quite some time been the framework of choice for building RESTful services that can work over HTTP. The IHttpActionResult interface has been introduced with WebAPI version 2 and provides a different way to send back responses from your WebAPI controller methods, and it leverages async and await by default.Essentially, IHttpActionResult is a factory for HttpResponsemessage.

The IHttpActionResult interface is contained in the System.Web.Http namespace and creates an instance of HttpResponseMessage asynchronously.

The IHttpActionResult comprises a collection of custom in-built responses that include: Ok, BadRequest, Exception, Conflict, Redirect, NotFound, and Unauthorized.To read this article in full or to leave a comment, please click here

VU#219739: Portrait Displays SDK applications are vulnerable to arbitrary code execution...

Applications developed using the Portrait Display SDK,versions 2.30 through 2.34,default to insecure configurations which allow arbitrary code execution.