Hostinger Suffers Data Breach – Resets Password For 14 Million Users
Popular web hosting provider Hostinger has been hit by a massive data breach, as a result of which the company has reset passwords for all customers as a precautionary measure. In a blog post published on Sunday, Hostinger revealed that "an unauthorized third party" breached one of its servers an...
Authentication flaw
A vulnerability in the web-based management interface of Cisco UCS Director and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system. The vulnerability is...
Coda: Use Github pack with Coda employee github account (search code of Coda's private repositories)
Summary: When you use the Github formula, the information from the Github API is returned by the endpoint https://coda.io/coda.CalcService/InvokeFormula. From what I understand, this endpoint expects a gRPC request. In the request is sent: the formula Github..CodeSearch, the version of the Github...
Valve: /applications/dpc_(get|post) provide full access to api.steampowered.com with the Dota2 API key
The vulnerability allowed attackers to call arbitrary API methods using an API key with elevated privileges for Dota2...
Stronger Together, Red Hat 3scale Integration
Most enterprises today rely on customers accessing their applications to conduct daily business. These enterprises know by now that application programming interfaces (APIs) are becoming more common than ever before to enable communication between applications and end users. Even though they are...
4 Critical Elements Your Next Security Solution Must Have
Security is essential to the success of any digital business. But there's one thing you can always count on: security-related incursions are inevitable. And the results can be devastating. Security breaches erode trust and damage reputation. As a CIO, CISO, or other security or IT leader, you kno...
Every Second Counts When You’re Under Attack — Imperva Provides 3 Second DDoS Mitigation, Stops Account Takeovers & Protects your APIs
Let’s be blunt: cybersecurity is a never-ending arms race between bad actors and IT and security teams. Lately, attackers have surged. Armed with powerful, inexpensive hacking tools and deep knowledge gleaned from successful breaches, attackers are organizing sprawling botnets, probing soft targe...
CVE-2019-11119
The CVE-2019-11119 issue affects Intel RAID Web Console 3 for Windows, version 4.186 and earlier. It stems from insufficient session validation in the service API, potentially allowing an unauthenticated user to escalate privileges via network access. Red Hat and Intel advisories confirm the vuln...
Imperva to Acquire Distil Networks, the Leader in Bot Management
As an established leader in cybersecurity, Imperva provides our customers the most comprehensive, analyst-recognized application security solution on the market. We are a five-time leader in Gartner's 2018 Magic Quadrant for Web Application Firewalls (WAF). Our DDoS Protection continues to...
CVE-2018-12297
CVE-2018-12297 affects Seagate NAS OS 4.3.15.1 with XSS in API error pages via URL path names. Root cause cited as insufficient validation of client data by the WEB application; impact is client-side script execution. Exploitation details/works are not provided in the documents; no remediation/ve...
Is your org structure threatening your IT security infrastructure?
5 Tips to Solve API Security Issues in Any IT Security Infrastructure. Start listening: integrating isn't enough if your teams aren't talking. In a hyper-competitive environment, keeping up with customer usability demands often means adopting a hyper-agile development process. It's a dangerous...
Gone in six seconds? Exploiting car alarms
Key relay attacks against keyless entry vehicles are well known. Many third-party car alarm vendors market themselves as solutions to this. We have shown that fitting these alarms can make your vehicle EVEN LESS SECURE! These alarms can expose you to hijack, may allow your engine to be stopped whil...
Enhancing API Gateway With Request Throttling to Manage Overconsumption
API traffic is exploding online and across the Akamai Intelligent Edge Platform. APIs are the connective tissue among organizations driving innovative and integrated digital experiences. As these experiences are mission critical for organizations to monetize partnerships, create connections for...
What to Expect at RSA 2019
Attending RSAC 2019? The week promises to be full of exciting content, useful connections, networking and insights into new security trends. BSides San Francisco The week will start on March 3rd with the amazing BSides event. The BSides community has continuously raised the bar and put the INFO...
CUJO Firewall User Enumeration / Authorization Bypass Vulnerabilities
Exploit for multiple platforms in category local exploits. Although the CUJO Firewall is a cute device and quite challenging to break from a hardware hacking point of view, the APIs, which are just a click away once pinning and the apk's obfuscation are bypassed, suffer from authorization bypass issues. An attacke...
SureMDM < 2018-11 Patch - Local / Remote File Inclusion
Exploit Title: SureMDM LFI/RFI Prior to 2018-11 Patch
Google Dork: inurl:/api/DownloadUrlResponse.ashx
Date: 2019-02-01
Exploit Author: Digital Interruption
Vendor Homepage: https://www.42gears.com/
Software Link: https://www.42gears.com/products/suremdm-home/
Version: Versions prior to the...
DuckDuckGo: Partial bypass of #483774 with Blind XXE on https://duckduckgo.com
Summary: Hi DuckDuckGo team, I've contacted you previously because, a second time on the 483774 report, I've seen that it was possible to bypass the fix. Anyway, I've not got any response, and because I think that this is a bit of a dangerous issue, I'm opening another report for the bypass. Hope you'll...
Fighting Fire with Fire: API Automation Risks
Akamai research shows that 83 percent of all traffic on the web today is API calls (JSON / XML). In many cases this fast growth can be attributed to the adoption and popularity of mobile devices and the mobile app ecosystem, as well as the abuse by threat actors using bots to automate their manual...
api.kostprice.com XSS vulnerability
Open Bug Bounty ID: OBB-713364

| Description | Value |
|---|---|
| Affected Website: | api.kostprice.com |
| Open Bug Bounty Program: | View Open Bug Bounty Program |
| Vulnerable Application: | hidden until disclosure |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | hidden until disclosure... |
api.paymentwall.com XSS vulnerability
Open Bug Bounty ID: OBB-713093

| Description | Value |
|---|---|
| Affected Website: | api.paymentwall.com |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | hidden until disclosure |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | ... |