1129 matches found

Malwarebytes
added 2018/12/24 6:56 p.m., 87 views

A week in security (December 17 – 23)

Last week on Labs we looked at Fuchsia OS as a possible alternative for Android, explained all the reasons why cybercriminals want to hack your phone, discussed a flaw in Twitter form that may have been abused by nation states, gave you a Christmas tech scams roundup, revealed why many online...

AI score: 7.5
Exploits: 0

HackRead
added 2018/11/12 4:6 p.m., 92 views

Cloudflare Launches Android and iOS version of 1.1.1.1 DNS Service

By Waqas Download the app and toggle on it to generate a VPN profile that will automatically reroute the DNS traffic using the 1.1.1.1 DNS servers. On April 1, 2018, Cloudflare and APNIC launched the 1.1.1.1 public DNS service to speed up the searching process for web addresses faster and more...

AI score: 2.7
Exploits: 0

Kitploit
added 2018/10/17 9:46 p.m., 58 views

Infog - Information Gathering Tool

InfoG is a Shellscript to perform Information Gathering. Features Check Website info Check Phone info IP Tracker Check Valid E-mail Check if site is Up/Down Check internet speed Check Personal info Find IP behind Cloudflare Find Subdomains Port Scan Multi-threaded Check CMS Check DNS leaking Usag...

AI score: 7.1
Exploits: 0, References: 1

Hacker One
added 2018/10/03 9:17 a.m., 29 views

Cloudflare: DOM XSS on 1.1.1.1(one.one.one.one)

After discussion with Cloudflare on twitter I'm reporting this here. There is a DOM XSS on 1.1.1.1 or one.one.one.one site, it seems like the sink is XMLHR.open,Taint,,, and the source is location.search The PoC url's are: https://1.1.1.1/?ApiLocation=//localdomain.pw...

AI score: 6.3
Exploits: 0

Hacker One
added 2018/09/24 4:31 p.m., 4615 views

Chaturbate: [chatws25.stream.highwebmedia.com] - Reflected XSS in c parameter

Hi Team, Found that chatws25.stream.highwebmedia.com is vulnerable to reflected XSS in c parameter, we can verify it with following URL, it is also a Cloudflare filter bypass: https://chatws25.stream.highwebmedia.com/ws/007/tgpraolp/htmlfile?c=███...

AI score: 2.9
Exploits: 0

Wired Threat Level
added 2018/09/21 12:0 p.m., 40 views

Cloudflare Embraces Google Roughtime, Giving Internet Security a Boost

Syncing clocks online is vital to web security...

AI score: 1.8
Exploits: 0

Kitploit
added 2018/08/27 1:2 p.m., 52 views

BillCipher - Information Gathering Tool For A Website Or IP Address

Information Gathering tool for a Website or IP address, use some ideas from Devploit. BillCipher can work in any operating system if they have and support Python 2, Python 3, and Ruby. Features DNS Lookup Whois Lookup GeoIP Lookup Subnet Lookup Port Scanner Page Links Zone Transfer HTTP Header Ho...

AI score: 7
Exploits: 0, References: 2

OSV
added 2018/07/13 4:1 p.m., 13 views

GHSA-5MC5-5J6C-QMF9 cfscrape Improper Input Validation vulnerability

An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A malicious website owner could craft a page that executes arbitrary Python code against any cfscrape user who scrapes that website. This is fixed in 1.8.0...

CVSS: 8.8, AI score: 8.6, EPSS: 0.01535
Exploits: 0, References: 7

Github Security Blog
added 2018/07/13 4:1 p.m., 32 views

cfscrape Improper Input Validation vulnerability

An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A malicious website owner could craft a page that executes arbitrary Python code against any cfscrape user who scrapes that website. This is fixed in 1.8.0...

CVSS: 8.8, AI score: 8.6, EPSS: 0.01535
Exploits: 0, References: 6, Affected Software: 1

Hacker One
added 2018/07/03 3:5 p.m., 140 views

Cloudflare: Private API key leakage due to lack of access control

The lack of access control on the https://mobilesdk.cloudflare.com/api/v1/ api allows for a remote attacker to access and steal a logged in user's private data. This can be done due to the lack of origin protection. An attacker can embed the config URI...

AI score: 0.3
Exploits: 0

ThreatPost
added 2018/06/26 9:51 p.m., 12 views

Mozilla Announces Firefox Monitor Tool Testing, Firefox 61

Mozilla has made some sweeping security announcements this week: On Monday, the company announced it is testing a new security tool called Firefox Monitor, which the firm said securely checks to see if users’ accounts have been hacked. That news came just as the browser giant released Firefox 61...

Exploits: 0, References: 6

ThreatPost
added 2018/06/04 7:17 p.m., 8 views

Cloudflare Gets Transparent on DNS Resolver Outage

In a testament to transparency, Cloudflare has explained a 17-minute outage on its 1.1.1.1 resolver service last week: It was a glitch in its own systems, not a cyber-incident. The 1.1.1.1 service is a Domain Name System DNS resolver that matches up URLs say, “cloudflare.com” with their...

AI score: 0.7
Exploits: 0, References: 2

Hacker One
added 2018/06/01 3:24 p.m., 36 views

Liberapay: Origin IP found, Cloudflare bypassed

Hello team, during the initial assessment of your assets I've come across what seems to be the unprotected origin server for www.liberapay.com. Description The frontend currently resolves to ████ and ███, both owned by Cloudflare, which act as your reverse proxy and WAF. By correlating your SSL...

AI score: 0.8
Exploits: 0

Hacker One
added 2018/05/02 6:43 p.m., 33 views

Cloudflare: Remote file inclusion using "/cdn-cgi/pe/bag2?r[]="

Grampae was able to load arbitrary resources into an HTML response form. The following header parameters provided an HTTP request back although sometimes 30 minutes later: X-Forwarded-For Client-IP Referer Contact X-Wap-Profile Forwarded X-Originated-IP X-Client-IP From User Agent The resource...

AI score: 0.4
Exploits: 0

Malwarebytes
added 2018/04/23 4:6 p.m., 42 views

A week in security (April 16 – April 22)

Last week, we took a stroll down memory lane talking about Facebook and MySpace, noticed a change in the Magnitude exploit kit—wherein it started adopting the GandCrab ransomware, took a good look at a new form of adware that is based on Python, chatted a bit about Russian hacking with a...

AI score: 6.9
Exploits: 0

Malwarebytes
added 2018/04/20 4:0 p.m., 54 views

Cloudflare’s new DNS service

Are you looking for a free way to speed up your internet and gain some extra privacy in the process? Keep reading, because Cloudflare the Web Performance & Security Company is offering a free new DNS service. And it helped me improve the speed of my DNS lookups. What is DNS? DNS is short for Doma...

AI score: 6.9
Exploits: 0

Hacker One
added 2018/04/04 5:21 a.m., 13 views

Algolia: Directory traversal at https://msg.algolia.com

Hi, I was able to view the internal server files at https://msg.algolia.com. Please see the attached screenshots for proof. I have tried to reproduce from within firefox and internet explorer without much luck however if you need it I will try to come up with a work around. For reference the...

AI score: 6.7
Exploits: 0

ThreatPost
added 2018/04/02 5:28 p.m., 11 views

Cloudflare Launches Publicly DNS-Over-HTTPS Service

Cloudflare is hoping to boost consumer privacy, reduce the threat of man-in-the-middle attacks, and speed up the internet with a new free solution for securing domain name server traffic that uses the encrypted HTTPS channel. On Sunday, the security focused content delivery network provider,...

AI score: 0.1
Exploits: 0, References: 11

The Hacker News
added 2018/04/02 1:34 p.m., 52 views

How to Make Your Internet Faster with Privacy-Focused 1.1.1.1 DNS Service

Cloudflare, a well-known Internet performance and security company, announced the launch of 1.1.1.1—world's fastest and privacy-focused secure DNS service that not only speeds up your internet connection but also makes it harder for ISPs to track your web history. Domain Name System DNS resolver,...

Exploits: 0

ThreatPost
added 2018/03/26 9:15 a.m., 14 views

Mozilla Tests DNS over HTTPS: Meets Some Privacy Pushback

The Mozilla Foundation is testing a new mechanism for securing domain name server traffic that uses the encrypted HTTPS channel. It is an attempt to speed up the internet, reduce the threat of man-in-the-middle attacks and keep prying eyes from monitoring what users do online. Starting in the nex...

AI score: 6.7
Exploits: 0, References: 11