Ruby on Rails JSON Processor YAML Deserialization Code Execution
03 February 2013
A remote exploitation of an input validation error vulnerability in versions prior to 3.0.20, 2.3.16 of Ruby on Rails. The vulnerable application fails to validate specially crafted JSON requests that are processed by the YAML parser. This vulnerability is very similar to CVE-2013-0156.
CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.
A new report is describing major security and privacy issues in several leading wearable fitness tracking devices and accompanying mobile apps. The research examined offerings by Apple, Basis, Fitbit, Garmin, Jawbone, Mio, Withings, and Xiaomi.
There is no silver bullet to eliminate every single threat that could strike an organization. But what we can do is take bits and pieces away from the equation to make it challenging and more difficult for attackers to get a foothold in the organization.