News & Events

Jon Rose Joins Bishop Fox as Vice President of Managed Security Services

Bishop Fox, the largest private professional services firm focused on offensive security testing, announced today that Jon Rose has joined the firm as vice president of Managed Security Services (MSS). Rose will lead the strategic development and delivery of the firm’s new managed services offerings. Prior to joining Bishop Fox, Rose was the chief security officer at …

Advisories

Greyhound Critical Vulnerabilities – Road Rewards Program

Critical vulnerabilities were identified in the Greyhound APIs, primarily due to insufficient authentication controls. Exploitation of these can result in the exposure of personally identifiable information (PII) for the customers who had joined the Road Rewards program. Additionally, an attacker can remotely exploit an internet-exposed web service that hosts account information for Greyhound customers as well as other sensitive information. An attacker could use this vulnerability to gain unrestricted access and completely take over user accounts belonging to affected members.

Application Security

Advisories

Cantemo Portal Version 3.8.4 – Cross-Site Scripting

Cantemo AB is a software systems and technology vendor for major media outlets. The Cantemo Portal application is a high-performance media asset management tool. The latest version at the time of this research was version 3.8.4. Testing was performed on a pre-release version of 4.0.0. With the vendor's cooperation, the issue was determined to affect version 3.8.4 and older versions. Cantemo plans to patch the issue in v4.0.0.

Application Security