Application Security Weekly for June 3

My good friends at AppSec Consulting tipped me off to this really neat finding.  It's a SAML bypass - they didn't discover it, but they have been using it in tests and it works well.


Remember JScript, that attempt by Microsoft to take over ECMAScript?  Yeah, neither does anyone else, but it is still in Windows and it has an RCE vulnerability.


Apparently it's the theme today, so I'll point out that an RCE vulnerability was found in the Steam client, and it has a good writeup.


In a previous post I mentioned the sheer number of Redis servers left open on the Internet.  Someone has now written a worm for them, and 75% are infected.
