19 matches found
The research never stops: Zhiniang Peng’s security research story
Some security researchers discover hacking early. Others discover it accidentally. For Zhiniang Peng, it started with curiosity and cybersecurity magazines...
1980s Hacker Manifesto
Forty years ago, The Mentor--Loyd Blankenship--published "The Conscience of a Hacker" in Phrack. You bet your ass we're all alike… we've been spoon-fed baby food at school when we hungered for steak… the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominate...
EUVD-2014-1236
Malware in sbrugna...
Auditing without Leaks Despite Curiosity
Whitepaper called Auditing Without Leaks Despite Curiosity...
Lessons from Ted Lasso for cybersecurity success
Welcome to this week's edition of the Threat Source newsletter. "Be curious, not judgmental," Ted Lasso says, misattributing Walt Whitman. We forgive Ted because... well, he's Ted Lasso. If you've not watched the first season of Ted Lasso, there is a defining moment where Ted confronts a nefariou...
Enter the substitute teacher
Welcome to this weeks threat source newsletter with Jon out, youve got me as your substitute teacher. Im taking you back to those halcyon days of youth and that moment when you found out that you had a sub that day, will I be the teacher that just rolls in the TV cart and delivers the single...
How to Think Like a Hacker and Stay Ahead of Threats
To succeed as a cybersecurity analyst, you need to understand the traits, values, and thought processes of hackers, along with the tools they use to launch their attacks. During a webinar called The Hacker Mindset, a Red Team Researcher shared how you can use some of these tools for your own...
How to Think Like a Hacker and Stay Ahead of Threats
To succeed as a cybersecurity analyst, you need to understand the traits, values, and thought processes of hackers, along with the tools they use to launch their attacks. During a webinar called The Hacker Mindset, a Red Team Researcher shared how you can use some of these tools for your own...
Sql injection
A vulnerability classified as critical was found in corincerami curiosity. Affected by this vulnerability is an unknown functionality of the file app/controllers/imagecontroller.rb. The manipulation of the argument sol leads to sql injection. The patch is named...
CVE-2014-125067 corincerami curiosity image_controller.rb sql injection
A vulnerability classified as critical was found in corincerami curiosity. Affected by this vulnerability is an unknown functionality of the file app/controllers/imagecontroller.rb. The manipulation of the argument sol leads to sql injection. The patch is named...
CVE-2014-125067
CVE-2014-125067 affects corincerami curiosity; SQL injection via the sol parameter in app/controllers/image_controller.rb. Root cause: unsafely constructed SQL from user input. Impact per sources is described as critical; CVSS v3.1 base score 9.8 (NETWORK, HIGH confidentiality/Integrity/Availabil...
curiosity SQL注入漏洞
curiosity is an application by the individual developer Corin Cerami. It provides image data from NASA's Curiosity Mars Rover. A SQL injection vulnerability exists in curiosity, which stems from the fact that incorrect manipulation of the parameter sol can lead to sql injection...
PT-2023-10137 · Unknown · Corincerami Curiosity
Name of the Vulnerable Software and Affected Versions: corincerami curiosity affected versions not specified Description: A critical vulnerability was found in corincerami curiosity, affecting an unknown functionality of the file app/controllers/image controller.rb. The manipulation of the sol...
curiosity.site123.me Cross Site Scripting vulnerability OBB-1479507
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
UK Ad Campaign Seeks to Deter Cybercrime
The United Kingdom's anti-cybercrime agency is running online ads aimed at young people who search the Web for services that enable computer crimes, specifically trojan horse programs and DDoS-for-hire services. The ad campaign follows a similar initiative launched in late 2017 that academics say...
Social engineering attacks: What makes you susceptible?
We now live in a world where holding the door open for someone balancing a tray of steaming hot coffee—she can’t seem to get her access card out to place it near the reader—is something we need to think twice about. Courtesy isn’t dead, mind you, but in this case, you'd almost wish it were. Becau...
Curiosity Kills Security When it Comes to Phishing
Regardless of the amount of training and technology applied to phishing prevention, people are going to click on links, trust messages from supposedly known sources and get into trouble online. A recent academic paper collates the results of an experiment conducted with more than 1,200 German...
20-Year Old Vulnerability Patched in Compression Algorithm
A 20-year old vulnerability in the Lempel-Ziv-Oberhumer LZO compression algorithm – used in some Android phones, the Linux kernel, and even Mars Rovers – was finally patched this week. Code stemming from the algorithm’s library function has existed in the wild for two decades, but was recycled ov...
Hacker Infects 2,300 Computers; Court Hears Case of Youthful Curiosity
A hacker who infected over 2,300 computers with a virus capable of stealing banking details did not have serious criminal intentions, a court has heard. Today, lawyers for Anthony Scott Harrison argued that his "youthful curiosity" led him to hack into other people's computers to steal money...