CVE-2017-7192: Starscream library before 2.0.4 allows SSL pinning bypass

Posted by Security Advisories on Apr 21

Product: Starscream websocket library
Severity: LOW
CVE Reference: CVE-2017-7192
Type: SSL Pinning bypass / Information disclosure

Abstract
--------

WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning
bypass because of incorrect management of the certValidated variable
(it can be set to true but cannot be set to false).

Description
-----------

The open-source Starscream library provides a Swift implementation of
the websocket…

Link: http://seclists.org/bugtraq/2017/Apr/66

Mirai and Hajime Locked Into IoT Botnet Battle

A white hat hacker is believed responsible for the Hajime IoT botnet because its main objective appears to be to secure IoT devices vulnerable to the notorious Mirai malware.

Link: https://threatpost.com/mirai-and-hajime-locked-into-iot-botnet-battle/125112/

Android Banking Trojan Found on Google Play Store

A security researcher has discovered a new…

Link: http://feedproxy.google.com/~r/ehacking/~3/hMZsfZWqPDY/android-banking-trojan-found-on-google.html