Application Security This Week for January 12

Post-CodeMash edition!

 

The Government of Gibraltar had a SQL Injection vulnerability in the site that hosts their laws.  That wouldn't end well.

https://www.theregister.co.uk/2020/01/07/gibraltar_sql_vuln_allowed_law_editing/

 

There is an actual practical attack against SHA-1 that has been POCd.  If you are still using SHA-1 for session tokens, might want to consider something else.

https://www.schneier.com/blog/archives/2020/01/new_sha-1_attac.html

 

Half of WASM code is used to write malware.  I'm not completely sure, but I think I called this one.

https://www.zdnet.com/google-amp/article/half-of-the-websites-using-webassembly-use-it-for-malicious-purposes/

 

Huge big ginormous remote code execution flaw in Citrix.  TrustedSec has a good writeup.

https://www.trustedsec.com/blog/critical-exposure-in-citrix-adc-netscaler-unauthenticated-remote-code-execution/

 

That's the news, folks.  Stay safe.

Comments are closed

Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 

profile for Bill Sempf on Stack Exchange, a network of free, community-driven Q&A sites

MonthList