Have you ever been browsing the internet when, all of a sudden, a file downloads onto your system? And all that without …
Featured Articles
GitLab ExifTool Unauthenticated RCE
In 2021, a critical vulnerability was found in the GitLab server. An issue has been discovered in GitLab CE/EE affecting …
PHPMailer RCE By Abusing sendmail
PHP is a server-side scripting language for making dynamic and interactive web pages. Many developers are still using it …
Latest Blog Updates
DevSecOps Tutorial, Tools and Benefits
Introduction: DevSecOps is the process of integrating security into development and operations. It emphasizes that security is a shared responsibility throughout the entire product development life cycle. DevSecOps represents a culture in which we strive to build products faster and safer, and in which we detect and respond to security findings early in the process rather than reactively. What is DevSecOps? Practically, DevSecOps is the art of integrating the three pillars of the software development life cycle: Development, Security and Operations. To achieve this we …
Top 10 Commonly Overlooked Privacy Concerns
The internet has transformed how we interact with industries worldwide and changed how we do things. We can now do many things online, from banking to shopping and even medical appointments. While the advent of the internet has brought about some welcome change, it has also created issues, particularly around cybersecurity and privacy for its users. Thanks to the pandemic, companies and organizations worldwide have demanded better connectivity as more people work from home. However, in 2021, cybercrime skyrocketed. According to Check Point Research, organizations surveyed in their 2021 study were …
What is a Cloning Attack?
A cloning attack is a type of threat in which a trusted resource is copied and used by an attacker. The cloned resource might be a cryptographically signed email, a social media account, or any content that boosts trust in the attacker by borrowing a stolen reputation. For example, we could copy the content of a popular social media page to a new account using a similar username. Because we pose as the original page, how would anyone know that we're not the original account? Twitter protects against cloning like this with its coveted Blue Checkmark feature for verified accounts, and we'll explore other …
Business logic vulnerabilities
What are Business Logic Vulnerabilities? In today's world, where attackers become more sophisticated with each passing day, penetration testers must not rely on automated scanners alone to identify application flaws. Testers today need to grasp the underlying concepts on which an application is built, because only by doing so can we insulate our apps against business logic flaws. How do these arise? Business logic vulnerabilities arise when developers do not truly understand the application's users and simply try to build out the application's functionality. As a result, …
Browser In The Browser (BITB) Attack
Credential Stealing: Ever wondered how your credentials can be stolen through SSO (Single Sign-On)? How can a legitimate-looking window popup steal your credentials? Phishing has been around for many years. Attackers have used many techniques to lure victims into their trap and gather their credentials, including social engineering, fake emails, campaigns, messages, websites, and so on. Many detection mechanisms exist to protect users from common or suspected phishing attempts. But a new technique called the Browser In The Browser (BITB) attack has taken over the internet with its unique …