Semrush: Web cache deception attack - expose earning state information
Hello, I have found a new vulnerability in your website, which is called Web Cache Deception attack. It was first found in PayPal. Web Cache Deception Attack: Websites often tend to use web cache functionality to store files that are often retrieved, to reduce latency from the web server. Let's see a...
Zendesk: CSRF on developer.zendesk.com via Cache Deception
October 2018 - It was found that, under certain circumstances, when arbitrary files were requested the response would be cached, leading to leakage of a CSRF token. The scope of this was limited to developer.zendesk.com. We appreciate the great submission and work from @imran1121!...
QIWI: [*.rocketbank.ru] Web Cache Deception & XSS
Practically all .rocketbank.ru sites based on readymag.rocketbank.ru are vulnerable to Web Cache Deception and XSS. Example request: http GET /?xx HTTP/1.1 Host: wknd.rocketbank.ru X-Forwarded-Host: cacheattack'"alertdocument.domain HTTP response: html alertdocument.domain/friends/" alertdocument.domain...
Chaturbate: Web cache deception attack - expose token information
Hello, I have found a new vulnerability in your website, which is called Web Cache Deception attack. It was first found in PayPal. Web Cache Deception Attack: Websites often tend to use web cache functionality to store files that are often retrieved, to reduce latency from the web server. Let's see a...
Partner Perspectives: Attivo + Carbon Black Integration Delivers Advanced, Continuous Threat Management and Response
Joseph Salazar is the Technical Deception Officer for Attivo Networks. Cyber attackers have repeatedly proven that they can gain access to the networks of even the most security-savvy organizations. Whether the attacker finds their way in through the use of stolen credentials, zero-day...
Friday Squid Blogging: Squid Deception
This is a fantastic video of a squid attracting prey with a tentacle that looks like a smaller squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Hackers Who Hit Winter Olympics 2018 Are Still Alive and Kicking
Remember the 'Olympic Destroyer' cyber attack? The group behind it is still alive, kicking and has now been found targeting biological and chemical threat prevention laboratories in Europe and Ukraine, and a few financial organisations in Russia. Earlier this year, an unknown group of notorious...
Olympic Destroyer is still alive
In March 2018 we published our research on Olympic Destroyer, an advanced threat actor that hit organizers, suppliers and partners of the Winter Olympic Games 2018 held in Pyeongchang, South Korea. Olympic Destroyer was a cyber-sabotage attack based on the spread of a destructive network worm. Th...
What ‘Nightingale Floors’ From Historical Japan Can Teach Us About Intrusion Suppression
Multinational corporations are under siege from a multiplicity of threat actors. The cyber arms bazaar that flourishes around the world has allowed for criminals and nations to wage long-term campaigns against corporations and government agencies. These cyber criminals stalk businesses and...
DejaVU - Open Source Deception Framework
Deception techniques, if deployed well, can be very effective for organizations to improve network defense and can be a useful arsenal for blue teams to detect attacks at a very early stage of the cyber kill chain. But the challenge we have seen is deploying, managing and administering decoys across larg...
Partner Perspectives: How TrapX & Carbon Black Use Deception Technology to Better Protect Your Enterprise
As organizations continue to move toward digital transformation, the digital workspace ecosystem of IoT devices, endpoints, and networks continues to grow and evolve. This new landscape creates many opportunities for potential attackers. Security becomes even more important for everyone in this n...
Open Source Deception Framework: DejaVU
Deception techniques, if deployed well, can be very effective for organizations to improve network defense and can be a useful arsenal for blue teams to detect attacks at a very early stage of the cyber kill chain. But the challenge we have seen is deploying, managing and administering decoys across larg...
Podcast: The Evolution of Deception Technology
Deception technology is an emerging category of cyber defense that is particularly useful when it comes to IoT devices, SCADA systems and medical devices. Threatpost talks to Tony Cole, CTO of Attivo Networks, about how deception technology has evolved, the challenges behind and opportunities of...
Suppressing the Adversary via Threat Hunt Teams
What a brave new world. Global cyber insurgencies continue unabated. Decreasing dwell time is imperative in 2018. In order to achieve this goal, we must embrace the hunt. Every organization should stand up a threat hunt team. The team must be multidisciplinary with experience in e-forensics and...
Information leakage vulnerability in NFC module of multiple Huawei phones
Huawei Mate 9 Pro is a smartphone from Huawei. An information disclosure vulnerability exists in the NFC module of multiple Huawei phones, which can be exploited by an attacker to cause partial information disclosure by tricking the user into performing a specific action and tampering with...
Google Chrome URL Spoofing Vulnerability (CNVD-2018-03789)
Google Chrome is a web browser developed by Google Inc. in the United States. A URL spoofing vulnerability exists in Google Chrome. A remote attacker can exploit this vulnerability to spoof URLs by tricking users into visiting a specially crafted website...
Gone Phishing For The Holidays
Written by Or Katz and Amiram Cohen. Overview: While our team, Akamai's Enterprise Threat Protector Security Research Team, monitored internet traffic throughout the 2017 holiday season, we spotted a widespread phishing campaign targeting users through an advertising tactic. During the six week...
Security update for phpMyAdmin (important)
This update for phpMyAdmin to version 4.7.7 fixes a security issue and bugs. The following vulnerability was fixed: - By deceiving a user into clicking on a crafted URL, it was possible to perform harmful database operations (bsc1074066, PMASA-2017-09). This update also contains all upstream improvements...
OPENSUSE-SU-2017:3448-1 Security update for phpMyAdmin
This update for phpMyAdmin to version 4.7.7 fixes a security issue and bugs. The following vulnerability was fixed: - By deceiving a user into clicking on a crafted URL, it was possible to perform harmful database operations (bsc1074066, PMASA-2017-09). This update also contains all upstream improvements...
December 18, 2017 – Morning Cyber Coffee Headlines – “Cats” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! December 18, 2017 - Headlines Our top 7 cyber security predictions for 2018 - C...