Ruby on Rails JSON Processor YAML Deserialization Code Execution
03 February 2013
A remotely exploitable input validation vulnerability exists in Ruby on Rails versions prior to 3.0.20 and 2.3.16. In the affected versions the JSON parser converts the body of a JSON request to YAML and hands it to the YAML parser, so a specially crafted request sent with a JSON content type can carry YAML type tags that the YAML parser honours. An unauthenticated remote attacker can use this to instantiate arbitrary Ruby objects on the server and execute arbitrary code. This vulnerability is closely related to CVE-2013-0156, in which the XML parameter parser handed attacker-controlled data to the YAML parser in the same way.
CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
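The following is an added example, not code from Rails or from the advisory, that reproduces the defective pattern in simplified form and contrasts it with the fix. It assumes a harmless stand-in class `Canary` and two constructed request bodies; the function names and the bodies are illustrative, not taken from Rails. The point it shows is that a full YAML loader will honour a `!ruby/object:` tag hidden in what is supposed to be JSON, whereas a real JSON parser rejects the same input as a syntax error and YAML's restricted loader refuses the class.

```ruby
require 'yaml'
require 'json'

# Stand-in for any class an attacker would rather not have instantiated on the
# server. Its initialize is never called: YAML revives objects via allocate.
class Canary
  attr_reader :name

  def initialize(name)
    @name = name
  end
end

# Constructed request bodies (not captured traffic).
BENIGN_BODY = '{"user": {"name": "alice"}}'
# YAML syntax smuggled into a JSON body: a type tag on a flow mapping.
TAGGED_BODY = '{"user": !ruby/object:Canary {name: canary}}'

# Vulnerable pattern, simplified: the JSON text is treated as YAML and handed
# to an unrestricted YAML loader, which honours !ruby/object tags. Psych 4
# (Ruby 3.1+) made YAML.load safe by default, so use unsafe_load when present
# to reproduce the pre-2013 behaviour.
def parse_json_via_yaml(body)
  loader = YAML.respond_to?(:unsafe_load) ? :unsafe_load : :load
  YAML.public_send(loader, body)
end

# Hardened: a real JSON parser has no notion of tags, so YAML-only syntax is
# simply a parse error.
def parse_json_strictly(body)
  JSON.parse(body)
end

# If YAML input must be accepted at all, restrict it: safe_load rejects tags
# for any class that has not been explicitly permitted.
def parse_yaml_safely(body)
  YAML.safe_load(body)
end

# Runs a parser over a body and reports :ok with the result or :rejected with
# the exception class, so the three parsers can be compared side by side.
def outcome(body)
  [:ok, yield(body)]
rescue JSON::ParserError, Psych::Exception => e
  [:rejected, e.class]
end

if __FILE__ == $PROGRAM_NAME
  [BENIGN_BODY, TAGGED_BODY].each do |body|
    puts "body: #{body}"
    puts "  via YAML loader : #{outcome(body) { |b| parse_json_via_yaml(b) }.inspect}"
    puts "  strict JSON     : #{outcome(body) { |b| parse_json_strictly(b) }.inspect}"
    puts "  YAML.safe_load  : #{outcome(body) { |b| parse_yaml_safely(b) }.inspect}"
  end
end
```

The benign body parses identically through all three paths, which is why the YAML shortcut went unnoticed. The tagged body yields a live `Canary` instance through the YAML loader, a `JSON::ParserError` from the strict parser, and a `Psych::DisallowedClass` from `safe_load`. The upstream fix for the affected Rails releases was to stop routing JSON through YAML; for 3.0.x the published workaround was to switch the backend with `ActiveSupport::JSON.backend = "JSONGem"` in an initializer, which has the same effect as `parse_json_strictly` above.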