News & Events

News tagged "Application Security"

Advisories

Jirafeau Version 3.3.0 – Multiple Vulnerabilities

Jirafeau is an open source file sharing web application, distributed under an AGPL version 3 license. It is a fork of the project Jyraphe and allows users to share files for a defined period and protect downloads via a password. The project’s official website is gitlab.com/mojo42/Jirafeau. The latest version of the application is 3.3.0, released on September 8, 2017. Ten vulnerabilities were identified within the Jirafeau web application – five cross-site scripting vulnerabilities (two stored and three reflected) as well as five cross-site request forgery vulnerabilities.

Application Security, Cross-Site Request Forgery, Cross-Site Scripting

PR Web – ioTium Partners with Bishop Fox for IIoT Infrastructure Security

Santa Clara, CA, May 30, 2018 (PR Web) – ioTium, the first commercially deployed secure Edge-Cloud infrastructure company for the Industrial Internet of Things (IIoT), announced that it partnered with leading independent cybersecurity research firm Bishop Fox to test the security of its Edge-Cloud infrastructure offerings. This Edge-Cloud infrastructure ensures that any machine, using …

International Business Times – Sarahah Collects Contact For Feature That Doesn’t Exist

The popular Sarahah app has been collecting more than just feedback from friends and family. Senior Security Analyst Zach Julian discovered it has been uploading users’ personal information, which is discussed in this International Business Times article – Find Your Friends: Sarahah Collects Contact For Feature That Doesn’t Exist. You can read more …

The Daily Dot – Sarahah Has Been Covertly Uploading Your Address Book to Its Servers

Senior Security Analyst Zach Julian recently found that Sarahah, a popular anonymous messaging app, has been uploading users’ private data to its company servers. The Daily Dot article Sarahah Has Been Covertly Uploading Your Address Book to Its Servers discusses this and the company’s response. Read more about Sarahah’s access to users’ contact …

Threatpost – Anonymous Messaging App Sarahah to Halt Collection of User Data With Next Update

After a discovery by Senior Security Analyst Zach Julian that the popular messaging app Sarahah was accessing users’ private information, the company announced the collection of user data will stop after the next update. Threatpost discusses this recent finding in Anonymous Messaging App Sarahah to Halt Collection of User Data With Next Update. …