
663 matches found

Hacker One
added 2018/11/11 6:41 a.m., 15 views

Semrush: Web cache deception attack - expose earning state information

Hello, I have found a new vulnerability in your website, which is called a web cache deception attack. It was first found in PayPal. Web Cache Deception Attack: Websites often tend to use web cache functionality to store files that are often retrieved, to reduce latency from the web server. Let's see a...

AI score: 6.3
Exploits: 0
Hacker One
added 2018/10/15 12:44 p.m., 21 views

Zendesk: CSRF on developer.zendesk.com via Cache Deception

October 2018 - It was found under certain circumstances when arbitrary files were requested the response would be cached leading to leakage of a CSRF token. The scope of this was limited to developer.zendesk.com. We appreciate the great submission and work from @imran1121!...

AI score: 2.4
Exploits: 0
Hacker One
added 2018/09/27 5:38 a.m., 73 views

QIWI: [*.rocketbank.ru] Web Cache Deception & XSS

Almost all .rocketbank.ru sites based on readymag.rocketbank.ru are vulnerable to Web Cache Deception and XSS. Example request: http GET /?xx HTTP/1.1 Host: wknd.rocketbank.ru X-Forwarded-Host: cacheattack'"alertdocument.domain HTTP response: html alertdocument.domain/friends/" alertdocument.domain...

AI score: 7.1
Exploits: 0
Hacker One
added 2018/08/21 2:7 a.m., 599 views

Chaturbate: Web cache deception attack - expose token information

Hello, I have found a new vulnerability in your website, which is called a web cache deception attack. It was first found in PayPal. Web Cache Deception Attack: Websites often tend to use web cache functionality to store files that are often retrieved, to reduce latency from the web server. Let's see a...

AI score: 6.5
Exploits: 0
Carbon Black Blog
added 2018/08/03 1:1 p.m., 29 views

Partner Perspectives: Attivo + Carbon Black Integration Delivers Advanced, Continuous Threat Management and Response

Joseph Salazar is the Technical Deception Officer for Attivo Networks. Cyber attackers have repeatedly proven that they can gain access to the networks of even the most security-savvy organizations. Whether the attacker finds their way in through the use of stolen credentials, zero-day...

AI score: 1.9
Exploits: 0
Schneier on Security
added 2018/07/27 9:12 p.m., 12 views

Friday Squid Blogging: Squid Deception

This is a fantastic video of a squid attracting prey with a tentacle that looks like a smaller squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

AI score: 1.7
Exploits: 0
The Hacker News
added 2018/06/19 2:7 p.m., 3 views

Hackers Who Hit Winter Olympics 2018 Are Still Alive and Kicking

Remember the 'Olympic Destroyer' cyber attack? The group behind it is still alive, kicking and has now been found targeting biological and chemical threat prevention laboratories in Europe and Ukraine, and a few financial organisations in Russia. Earlier this year, an unknown group of notorious...

AI score: 7.5
Exploits: 0
Securelist
added 2018/06/19 10:0 a.m., 205 views

Olympic Destroyer is still alive

In March 2018 we published our research on Olympic Destroyer, an advanced threat actor that hit organizers, suppliers and partners of the Winter Olympic Games 2018 held in Pyeongchang, South Korea. Olympic Destroyer was a cyber-sabotage attack based on the spread of a destructive network worm. Th...

AI score: 7.6
Exploits: 0
Carbon Black Blog
added 2018/06/13 5:24 p.m., 45 views

What ‘Nightingale Floors’ From Historical Japan Can Teach Us About Intrusion Suppression

Multinational corporations are under siege from a multiplicity of threat actors. The cyber arms bazaar that flourishes around the world has allowed for criminals and nations to wage long-term campaigns against corporations and government agencies. These cyber criminals stalk businesses and...

AI score: 7.1
Exploits: 0
Kitploit
added 2018/06/05 10:33 p.m., 18 views

DejaVU - Open Source Deception Framework

Deception techniques, if deployed well, can be very effective for organizations to improve network defense and can be a useful arsenal for blue teams to detect attacks at a very early stage of the cyber kill chain. But the challenge we have seen is deploying, managing and administering decoys across larg...

AI score: 7.4
Exploits: 0, References: 1
Carbon Black Blog
added 2018/06/05 6:49 p.m., 68 views

Partner Perspectives: How TrapX & Carbon Black Use Deception Technology to Better Protect Your Enterprise

As organizations continue to move toward digital transformation, the digital workspace ecosystem of IoT devices, endpoints, and networks continues to grow and evolve. This new landscape creates many opportunities for potential attackers. Security becomes even more important for everyone in this n...

AI score: 0.3
Exploits: 0
n0where
added 2018/05/24 8:12 p.m., 36 views

Open Source Deception Framework: DejaVU

Deception techniques, if deployed well, can be very effective for organizations to improve network defense and can be a useful arsenal for blue teams to detect attacks at a very early stage of the cyber kill chain. But the challenge we have seen is deploying, managing and administering decoys across larg...

AI score: 0.1
Exploits: 0, References: 1
ThreatPost
added 2018/05/17 3:0 p.m., 10 views

Podcast: The Evolution of Deception Technology

Deception technology is an emerging category of cyber defense that is particularly useful when it comes to IoT devices, SCADA systems and medical devices. Threatpost talks to Tony Cole, CTO of Attivo Networks, about how deception technology has evolved, the challenges behind and opportunities of...

AI score: 1.2
Exploits: 0, References: 1
Carbon Black Blog
added 2018/03/27 2:26 p.m., 50 views

Suppressing the Adversary via Threat Hunt Teams

What a brave new world. Global cyber insurgencies continue unabated. Decreasing dwell time is imperative in 2018. In order to achieve this goal, we must embrace the hunt. Every organization should stand up a threat hunt team. The team must be multidisciplinary with experience in e-forensics and...

AI score: 6.6
Exploits: 0
CNVD
added 2018/03/08 12:0 a.m., 2 views

Information leakage vulnerability in NFC module of multiple Huawei phones

Huawei Mate 9 Pro is a smartphone from Huawei. An information disclosure vulnerability exists in the NFC module of multiple Huawei phones, which can be exploited by an attacker to cause partial information disclosure by tricking the user into performing a specific action and tampering with...

CVSS: 3.5, AI score: 6.1, EPSS: 0.00334
Exploits: 0, References: 1
CNVD
added 2018/01/31 12:0 a.m., 4 views

Google Chrome URL Spoofing Vulnerability (CNVD-2018-03789)

Google Chrome is a web browser developed by Google Inc. in the United States. A URL spoofing vulnerability exists in Google Chrome. A remote attacker can exploit this vulnerability to spoof URLs by tricking users into visiting a specially crafted website...

CVSS: 6.5, AI score: 8.5, EPSS: 0.0154
Exploits: 0, References: 1
Akamai Blog
added 2018/01/19 6:33 a.m., 22 views

Gone Phishing For The Holidays

Written by Or Katz and Amiram Cohen Overview: While our team, Akamai's Enterprise Threat Protector Security Research Team, monitored internet traffic throughout the 2017 holiday season, we spotted a wide-spread phishing campaign targeting users through an advertising tactic. During the six week...

AI score: 6.5
Exploits: 0
OPENSUSE Linux
added 2017/12/29 9:9 p.m., 61 views

Security update for phpMyAdmin (important)

This update for phpMyAdmin to version 4.7.7 fixes a security issue and bugs. The following vulnerability was fixed: - By deceiving a user to click on a crafted URL, it was possible to perform harmful database operations bsc1074066, PMASA-2017-09 This update also contains all upstream improvements...

AI score: 2.3
Exploits: 0, References: 1
OSV
added 2017/12/29 4:35 p.m., 7 views

OPENSUSE-SU-2017:3448-1 Security update for phpMyAdmin

This update for phpMyAdmin to version 4.7.7 fixes a security issue and bugs. The following vulnerability was fixed: - By deceiving a user to click on a crafted URL, it was possible to perform harmful database operations bsc1074066, PMASA-2017-09 This update also contains all upstream improvements...

AI score: 7.3
Exploits: 0, References: 2
Carbon Black Blog
added 2017/12/18 2:25 p.m., 8 views

December 18, 2017 – Morning Cyber Coffee Headlines – “Cats” Edition

Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! December 18, 2017 - Headlines Our top 7 cyber security predictions for 2018 - C...

AI score: 6.8
Exploits: 0