threatpost.com Archives - 09 January 2013, Wednesday - OpenRuby.com

Follow @openruby

threatpost.com Archives - 09 January 2013, Wednesday

Exploit Code for Ruby on Rails Flaw Likely on the Horizon

threatpost.com 09 Jan '13, 4pm

The vulnerabilities patched Tuesday in the Ruby on Rails Web framework have security researchers warning of the potential for serious attacks and saying that one of the bugs in particular could be easy prey for attackers. The most serious of the flaws is in the parameter parsing funct...
Related:
1. Exploit Code, Metasploit Module Out for Ruby on Rails Flaws threatpost.com 10 Jan '13, 3pm
2. Infosecurity - New flaw in Ruby on Rails infosecurity-magazine.com 09 Jan '13, 1pm
3. Ruby on Rails Releases 'Extremely Critical' Security Fixes – Exploit Code E... securityweek.com 09 Jan '13, 6pm
4. Serious vulnerability in Ruby on Rails allowing arbitrary Ruby code executi... reddit.com 08 Jan '13, 11pm
5. Ruby On Rails SQL Injection Flaw Has Serious Real-Life Consequences - Slashdot it.slashdot.org 09 Jan '13, 4pm
6. Unsafe Query Generation Risk in Ruby on Rails (CVE-2013-0155) groups.google.com 08 Jan '13, 8pm
7. Metasploit Rails 3 Remote Code Execution Hours Away news.ycombinator.com 10 Jan '13, 3am
8. ‘Huge’ Ruby On Rails Vulnerability Causes Panic | TechWeekEurope UK techweekeurope.co.uk 09 Jan '13, 4pm
Critical Flaws Patched in Ruby on Rails

threatpost.com 08 Jan '13, 9pm

"There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application," the advisory says. "The parameter parsing c...
Related:
1. Critical Ruby on Rails flaws fixed, upgrade immediately net-security.org 09 Jan '13, 2pm
2. Ruby on Rails patches more critical vulnerabilities news.hitb.org 09 Jan '13, 10am
3. Unsafe Query Generation Risk in Ruby on Rails (CVE-2013-0155) groups.google.com 08 Jan '13, 8pm
4. Ruby on Rails patches more critical vulnerabilities | Security - InfoWorld infoworld.com 09 Jan '13, 12pm
5. Critical vulnerability in Ruby on Rails parameter parsing - The H Security: h-online.com 09 Jan '13, 11am
6. Critical vulnerability in Ruby on Rails parameter parsing - The H Open: New... h-online.com 09 Jan '13, 11am
7. Any Ruby on Rails app is, badly, utterly, pwned through multiple parameter ... groups.google.com 09 Jan '13, 3am
8. Ruby on Rails pushing out 'extremely critical' fixes - Applications - SC Ma... scmagazine.com.au 09 Jan '13, 2am
SQL Injection Flaw Haunts All Ruby on Rails Versions | threatpost

threatpost.com 03 Jan '13, 3pm

All of the current versions of the Ruby on Rails Web framework have a SQL injection vulnerability that could allow an attacker to inject code into Web applications. The vulnerability is a serious one given the widespread use of the popular framework for developing Web apps, and the ma...
Related:
1. SQL Injection Flaw Haunts All Ruby on Rails Versions | threatpost threatpost.com 03 Jan '13, 3pm
2. All Ruby on Rails versions affected by SQL injection flaw net-security.org 03 Jan '13, 3pm
3. All Ruby On Rails Versions Suffer SQL Injection Flaw - Slashdot it.slashdot.org 03 Jan '13, 4pm
4. All Ruby On Rails Versions Suffer SQL Injection Flaw - Slashdot it.slashdot.org 03 Jan '13, 4pm
5. Ruby on Rails security updates address SQL injection flaw - Techworld.com news.techworld.com 03 Jan '13, 3pm
6. Ruby on Rails updates address SQL injection flaw - Computerworld computerworld.com 03 Jan '13, 3pm
7. Ruby on Rails security updates address SQL injection flaw networkworld.com 03 Jan '13, 7pm
8. Ruby on Rails security updates address SQL injection flaw | Security - Info... infoworld.com 03 Jan '13, 2pm
SQL Injection Flaw Haunts All Ruby on Rails Versions | threatpost

threatpost.com 03 Jan '13, 3pm

All of the current versions of the Ruby on Rails Web framework have a SQL injection vulnerability that could allow an attacker to inject code into Web applications. The vulnerability is a serious one given the widespread use of the popular framework for developing Web apps, and the ma...
Related:
1. SQL Injection Flaw Haunts All Ruby on Rails Versions | threatpost threatpost.com 03 Jan '13, 3pm
2. All Ruby on Rails versions affected by SQL injection flaw net-security.org 03 Jan '13, 3pm
3. All Ruby On Rails Versions Suffer SQL Injection Flaw - Slashdot it.slashdot.org 03 Jan '13, 4pm
4. All Ruby On Rails Versions Suffer SQL Injection Flaw - Slashdot it.slashdot.org 03 Jan '13, 4pm
5. Ruby on Rails security updates address SQL injection flaw - Techworld.com news.techworld.com 03 Jan '13, 3pm
6. Ruby on Rails updates address SQL injection flaw - Computerworld computerworld.com 03 Jan '13, 3pm
7. Ruby on Rails security updates address SQL injection flaw networkworld.com 03 Jan '13, 7pm
8. Ruby on Rails has SQL injection vuln theregister.co.uk 03 Jan '13, 10pm
ZeroAccess Botnet Cashing in on Click Fraud and Bitcoin Mining | threatpost

threatpost.com 30 Oct '12, 8pm

A mid-year switch in communication protocol and distribution strategy is behind a spike in activity from the ZeroAccess botnet, a prolific and malicious ad click fraud network. Researchers at Kindsight Security Lab reported today that ZeroAccess accounts for 29 percent of home network...
Bafruz Backdoor Disables Antivirus, Intercepts Communications With Social Media Sites | threatpost

threatpost.com 16 Aug '12, 6pm

There's a new family of malware that's using a complex set of capabilities to disable antimalware and listen in on sessions between users and some social networks. Bafruz is essentially a backdoor trojan that also is creating a peer-to-peer network of infected computers. This month's ...