Get Off Your AMF and Don’t REST On JSON
At “BSides Los Angeles“, I presented on “Get off your AMF and don’t REST on JSON”. This talk described how SQL Injection and other attacks remain possible with JSON, REST and AMF. The presentation can be accessed at -
Apache Server 2.4.3 fixes over fifty bugs and two security holes
The Apache Software Foundation has released version 2.4.3 of the Apache HTTP Server, fixing over fifty bugs and closing two security holes. The two vulnerabilities are present in the mod_proxy_aip, mod_proxy_http and mod_negotiation modules. Time to patch
US Investigating Siemens Security Flaw
The US government is investigating claims from a cyber security researcher that flaws in software component of Siemens networking equipment could enable hackers to attack power plants and other critical systems.
Mystery Malware That Targeted Energy Group Contains Amateur Coding Goof
The mystery malware that recently caused havoc on energy sector computers contains an amateur programming error that’s not typical of state-sponsored attacks. As per the malware researcher “This error indirectly confirms our initial conclusion that the Shamoon malware is not the Wiper malware that attacked Iranian Systems,”
VMware Virtual Machines Targeted by “Crisis” Espionage Malware
Researchers have uncovered a single espionage malware attack that is capable of infecting multiple platforms, including computers running the Windows and Mac OS X operating systems, Windows-powered mobile devices, and VMware virtual machines. This may be the first malware that attempts to spread onto a virtual machine.