2352 matches found
CVE-2018-20448
Frog CMS 0.9.5 contains a reflected XSS vulnerability: the Database name field sent to /install/index.php is reflected back to the user. This is documented across multiple connected sources (e.g., Exploit-DB entry 46067, 0day.today exploit description, PacketStorm listing). Exploitation details a...
The Year Ahead: Cybersecurity Trends To Look Out for In 2019
A Proven Record Tracking Cybersecurity Trends: This time of the year is always exciting for us, as we get to take a step back, analyze how we did throughout the year, and look ahead at what the coming year will bring. Taking full advantage of our team’s expertise in data and application security,...
WordPress Lumise 4.9 Database Disclosure
Exploit Title : WordPress Lumise Plugins 4.9 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 17/12/2018 Vendor Homepage : wordpress.org sequelpro.com lumise.com + codecanyon.net/category/wordpress?tags=lumise Software Download Link :...
Facebook Exposed 6.8 Million Users' Photos to Cap Off a Terrible 2018
In the latest in its long string of 2018 incidents, Facebook let developers access the private photos of millions of users...
Australia Anti-Encryption Law Triggers Sweeping Backlash
A controversial Australian bill, which could give the government access to data protected by end-to-end encryption, was passed Thursday. The bill, called the Assistance and Access Act, empowers Australian police to essentially force companies that are operating in the country to help the governme...
Hey Belfast, Imperva’s Moving Into The Neighborhood
As a local, I’m very excited to be Imperva’s first Belfast hire, in charge of spinning up the operation in our new European location. Imperva provides best-in-class data and application security solutions on premises, in the cloud, and in hybrid environments. As we position ourselves for the next...
Marriott breach impacts 500 million customers: here’s what to do about it
Today Marriott disclosed a large-scale data breach impacting up to 500 million customers who have stayed at a Starwood-branded hotel within the last four years. While details of the breach are still sparse, Marriott stated that there was unauthorized access to a database tied to customer...
Dell Warns of Attempted Breach on Network
Dell EMC is warning its Dell.com customers of unauthorized activity on its network that occurred on Nov. 9 when it believes adversaries attempted to access names, email addresses and hashed passwords. In response, the company said that it has reset all Dell.com customer passwords. Dell said that...
What DNA testing kit companies are really doing with your data
Sarah hovered over the mailbox, envelope in hand. She knew as soon as she mailed off her DNA sample, there’d be no turning back. She ran through the information she looked up on 23andMe’s website one more time: the privacy policy, the research parameters, the option to learn about potential healt...
Instagram’s download your data tool exposed users’ passwords to public view
By Waqas. Facebook somehow manages to make headlines one way or the other. Last week we were all praises for the social network for introducing the Unsend feature in the Messenger app and this week we are despising the company’s lack of interest in offering fool-proof security to its users after b...
Why you need to know about Penetration Testing and Compliance Audits?
We live in an age where data flows like water, becoming the new life source of our everyday ventures. As such, you can just imagine what all of that entails and the weight that data receives, especially when it comes to decision making on how to handle this fairly new and arguably invaluable...
Simple E-Document 1.31 - username SQL Injection
Simple E-Document 1.31 - username SQL Injection Exploit Title: Simple E-Document 1.31 - 'username' SQL Injection Dork: N/A Date: 2018-11-14 Exploit Author: Ihsan Sencan Vendor Homepage:...
2-Plan Team 1.0.4 - Arbitrary File Upload
2-Plan Team 1.0.4 - Arbitrary File Upload Exploit Title: 2-Plan Team 1.0.4 - Arbitrary File Upload Dork: N/A Date: 2018-11-15 Exploit Author: Ihsan Sencan Vendor Homepage: http://2-plan.com/ Software Link: https://datapacket.dl.sourceforge.net/project/to-plan-team/1.1.0/2-plan-team.tgz Version:...
CVE-2018-8566
creationtimestamp| type| source
---|---|---
2018-11-14 17:39:01+00:00| seen| MISP/5bec5b59-b2b0-4506-9c63-32a40a021402...
CVE-2018-8552
An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Windows Scripting Engine Memory Corruption Vulnerability." This affects Internet...
Paroiciel 11.20 SQL Injection
Exploit Title: Paroiciel 11.20 - 'tRecIdListe' SQL Injection Dork: N/A Date: 2018-11-09 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.paroiciel.com/ Software Link: https://datapacket.dl.sourceforge.net/project/paroiciel/version%2011/par6lus1120160225.exe Version: 11.20 Category: Webap...
4 things you didn’t know a VPN could do
By Sabrina Bucknole. Until recently, many people thought of VPNs as a tool used by tech-savvy kids to anonymously download music and films. But, as concern about the use and security of personal data online continues to rise, it is no surprise that the number of people using a Virtual Private...
Which Threats had the Most Impact During the First Half of 2018?
One of the best ways for organizations to shore up their data security efforts and work toward more proactive protection is by examining trends within the threat environment. Taking a look at the strategies for attack, infiltration and infection currently being utilized by hackers can point towar...
Facebook Blames Malicious Extensions in Breach of 81K Private Messages
Hackers have published what they claim are private messages from at least 81,000 Facebook accounts – and they say the trove contains a fraction of the details they have from a larger cadre of 120 million accounts. In an English-language Dark Web advertisement now taken down, the perpetrators...
Tomorrowland festival goers affected by data breach
Tomorrowland, a major international music festival, has revealed a data breach potentially affecting around 60,000 attendees. This one is a little different though, as the data accessed without permission isn't recent. In fact, it dates back four years to an event long since come and gone...