March 31, SecurityWeek – (International) Malware detection bypass vulnerability found in Cisco Firepower. Cisco released software updates fixing a high severity vulnerability after a researcher found that the flaw was caused by improper input validation of fields in Hypertext Transfer Protocol (HTTP) that could allow a remote, unauthenticated attacker to bypass malicious file detection and block security features by crafting an HTTP request and sending it to the victim’s system. Source
March 31, The Register – (International) Patch out for ‘ridiculous’ Trend Micro command execution vuln. Trend Micro released a patch that fixed a command execution vulnerability for systems running its Maximum Security, Premium Security, or Password Management software after a security researcher from Google’s Project Zero found a remote debugging server was running on customers’ machines. Officials stated the patch was not fully complete, but would fix the most critical issues with the software. Source
March 31, Softpedia – (International) XSS and CSRF bugs in Steam Dev panel let anyone be a Valve admin. A researcher from the United Kingdom discovered a cross-site scripting (XSS) vulnerability and a cross-site request forgery (CSRF) vulnerability affecting SteamDepot, Steam’s internal system for storing game content, after finding that malicious JavaScript code could be added in the description field to steal users’ Steam cookies, among other actions. Source
March 30, Softpedia – (International) Security bug allowed attackers to send malicious emails via PayPal’s servers. PayPal Holdings, Inc., patched a flaw in one of its automatic emailing applications after a security researcher from Vulnerability Lab found that attackers could add malicious code to an account’s username, which was then embedded in the emails sent to other recipients. The flaw could allow an attacker to execute session hijacking and redirection to external sources, and trick users into clicking a malicious link that prompts victims to enter their PayPal credentials. Source