News & Events

News tagged "Application Security"


Greyhound Critical Vulnerabilities – Road Rewards Program

Critical vulnerabilities were identified in the Greyhound APIs, primarily due to insufficient authentication controls. Exploitation of these can result in the exposure of personally identifiable information (PII) for customers who had joined the Road Rewards program. Additionally, an attacker can remotely exploit an internet-exposed web service that hosts account information for Greyhound customers as well as other sensitive information. An attacker could use this vulnerability to gain unrestricted access and completely take over user accounts belonging to affected members.

Application Security


Cantemo Portal Version 3.8.4 – Cross-Site Scripting

Cantemo AB is a software systems and technology vendor for major media outlets. The Cantemo Portal application is a high-performance media asset management tool. The latest version at the time of this research was version 3.8.4. Testing was performed on a pre-release version of 4.0.0. Through the cooperation of the vendor, the issue was determined to affect version 3.8.4 and older versions. Cantemo plans to patch the issue in v4.0.0.

Application Security


Simple – Better Banking (Android) v. 2.45.0 – 2.45.3 – Sensitive Information Disclosure

The Simple – Better Banking Android application was affected by an information disclosure vulnerability that leaked user passwords to the keyboard autocomplete functionality. If exploited, this vulnerability could be leveraged to gain unauthorized access to user passwords. This could have adversely affected more than several thousand users (as of publication, the app has been downloaded more than 100,000 times on the Google App Store).

Android, Application Security

Cyware – Critical Vulnerabilities Spotted in the Amtrak Mobile Application

The US railroad service provider Amtrak was recently notified about vulnerabilities in their mobile application that could have led to a massive data breach of its customers. The Cyware article – Critical Vulnerabilities Spotted in the Amtrak Mobile Application, discusses the research discovery made by Senior Security Analyst …


YunoHost 2.7.2 to 2.7.14 – Multiple Vulnerabilities

YunoHost is an application that is used to manage applications hosted on a Linux server. Additionally, it allows the user to manage the entire Linux system, including installed services, firewall rules, and system updates. The application’s official website is Version 2.7.2 was released on August 22, 2017, and version 2.7.14 was released on June 28, 2018. This security advisory discusses several vulnerabilities Bishop Fox researchers found in it.

Application Security, HTTP Header Injection, Stored Cross-Site Scripting