Tag Archives: patches

Extremely critical Ruby on Rails bug threatens more than 200,000 sites

Bad news for RoR sites… it’ll probably be years before they’re all upgraded and patched.

Hundreds of thousands of websites are potentially at risk following the discovery of an extremely critical vulnerability in the Ruby on Rails framework that gives remote attackers the ability to execute malicious code on the underlying servers.

The bug is present in Rails versions spanning the past six years and in default configurations gives hackers a simple and reliable way to pilfer database contents, run system commands, and cause websites to crash, according to Ben Murphy, one of the developers who has confirmed the vulnerability. As of last week, the framework was used by more than 240,000 websites, including Github, Hulu, and Basecamp, underscoring the seriousness of the threat.

via Extremely critical Ruby on Rails bug threatens more than 200,000 sites | Ars Technica.

New Microsoft Data Puts Zero-Day Threat Into Perspective

First, the good news from Microsoft’s newest data on real-world Windows security incidents: Zero-day attacks are relatively rare. Now the bad news: Nintey-nine percent of all malware infections are due to organizations and users not applying security updates.

So why don’t people or organizations let the thousands of existing patches secure their machines?

via New Microsoft Data Puts Zero-Day Threat Into Perspective – Dark Reading.