RAID Technology and the importance of disk encryption in data security

Introduction Recently we were engaged by a client experiencing a potential data leak incident. Amidst their expansion, they were constructing a new data centre. Due to pressing business needs, they accelerated the setup of part of their infrastructure. This urgency led to them setting up a Domain...

What is Cloud Mining and How Does it Work?

By Owais Sultan Cloud mining is a way for you to purchase mining power from a remote data centre. Cloud mining… This is a post from HackRead.com Read the original post: What is Cloud Mining and How Does it Work?...

What is Cloud Mining and How Does it Work?

By Owais Sultan Cloud mining is a way for you to purchase mining power from a remote data centre. Cloud mining… This is a post from HackRead.com Read the original post: What is Cloud Mining and How Does it Work?...

Admin user can change Portfolio Plugin hierarchy without WebSudo validation

Affected versions of Atlassian Jira Server and Data Centre allow remote attackers to modify the hierarchy structure of the Portfolio Plugin via a Broken Access Control vulnerability in the hierarchy configuration component. The affected versions are before version 8.20.4, and from version 8.21.0...

Time for a Haircut

Like many people around the world, my hair has grown profusely in the past few months and bears little resemblance to the photo in my profile. Without the required care and attention, my hair is getting dangerously close to the bad hairstyles I adopted in the 1980s. I could of course attempt to f...

CVE-2020-4071 Timing attack on django-basic-auth-ip-whitelist

In django-basic-auth-ip-whitelist before 0.3.4, a potential timing attack exists on websites where the basic authentication is used or configured, i.e. BASICAUTHLOGIN and BASICAUTHPASSWORD is set. Currently the string comparison between configured credentials and the ones provided by users is...

Customers created via the Customer Portal do not trigger an email verification

In affected versions of Jira Service Desk Server and Data Centre, it was possible to create customers with fake email addresses via the Customer Portal. This is now resolved with email verification. Affected versions: version 3.16.13 4.0.0 ≤ version 4.5.3 4.6.0 ≤ version 4.7.0 Fixed versions:...

Customers created via the Customer Portal do not trigger an email verification

In affected versions of Jira Service Desk Server and Data Centre, it was possible to create customers with fake email addresses via the Customer Portal. This is now resolved with email verification. Affected versions: version 3.16.13 4.0.0 ≤ version 4.5.3 4.6.0 ≤ version 4.7.0 Fixed versions:...

hacking the mitsubishi GB-50A

Hi All, Well, it's been over 4 months since my plea for a security contact at Mitsubishi Electric to come forward. Since no one has, I thought I'd release a POC for hacking one. It's not exactly hard, the web controller uses a nasty set of Java applets to interact with itself. The shocking thing ...