Author: Perry Varanoid

The Best Kept Secret at Fortinet

Just take a look at the latest news headlines and you’ll get a strong picture of just how pervasive and, in many ways, elusive the world of cyber security has become. Each week it seems there are reports of new, more insidious attacks.

The Wonderful World of CMS strikes again, (Wed, Oct 29th)

I think that I will start this Diary with the following statement: If you use an open source CMS, and you do not update it frequently, there is a very high chance that your website is not only compromised but also part of a botnet. You probably already saw several of our diaries mentioning vulnerabilities in very well-known CMS systems like WordPress and Joomla, which are quite powerful and easy to use/install, and also full of vulnerabilities and require frequent updates. The third one in this list is Drupal.

VU#973460: drchrono Electronic Health Record (EHR) web applications vulnerable to cross-site scripting and cross-site request forgery

Vulnerability Note VU#973460

drchrono Electronic Health Record (EHR) web applications vulnerable to cross-site scripting and cross-site request forgery

Original Release date: 29 Oct 2014 | Last revised: 29 Oct 2014

Overview

drchrono Electronic Health Record (EHR) web applications allow cross-site scripting (XSS) and cross-site request forgery (CSRF) that could allow an attacker to obtain sensitive patient information.

Description

drchrono provides an EHR web application service at drchrono.com, onpatient.com, and possibly other domains

Inside BlackHat Europe 2014

The conference started with Adi Shamir’s keynote. As it was covered at length by rootshell, I won’t be discussing it in this post – apart from the fact I was really happy to listen to a brilliant mind like Adi Shamir. I also appreciated his talk which was…