For well over a decade, our focus at ionCube has been on PHP security, but recently, with the release of ionCube24, we have been looking into different kinds of vulnerabilities. This post covers a few of the interesting issues we have found this week.
It’s been a really busy week in the news so here’s a selection of this week’s more interesting vulnerability disclosures and cybersecurity news.
General
Looks like you really need to keep on your toes with patching
How many times have your eyes glazed over at the constant stream of alerts?
So much for this method then
Look, no passwords!
Industry
Control systems have their problems too!
Infrastructure
A slight oversight perhaps? Still, it results in an open door
And Dell responds about the allegation
Another hole in Facebook
Not much choice but to use and hope nothing nasty happens
A potential breach
A bit of a mess with certificates which could result in some man-in-the-middle attacks.
With the OpenSSL last week you can bet most routers and embedded systems will never be updated! Ouch!
Something that may come to bite many of us in the future
PHP
They can't seem to shake the issues off
Yoast hit again
A SOAP issue
Our old friend unserialize
Systems
Schoolboy error – what were they thinking?
Many exploit kits use IFRAMEs to activate, so do ensure you follow these instructions to make sure Internet Explorer is really safe. If you use Firefox, use the NoScript plugin and set the Forbid IFRAME tick box, as it's off by default.
An old Flash bug comes back
This article could make you seriously rethink how you create passwords
See the link above on IFRAMEs for how to help with this issue
You can’t always trust email sources
Web Server
It took a while to find out what the issues are, but at least it's not as bad as HEARTBLEED. Maybe,