119 matches found
CVE-2020-14972
Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0 allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution RCE via the useremail, userpass, and id parameters on the admin login-portal and the edit-lessons webpages...
Teaching from home might become part of every teachers’ job description
“Hey Joe, I wanted to remind you that starting next Monday you will be expected to teach from home. The lesson material is in your inbox along with the list of pupils that are expected to follow them. We are sure it will take some adjustments, but we trust that by working together we can make the...
Kali Linux 2020.2 Release - Penetration Testing and Ethical Hacking Linux Distribution
We are incredibly excited to announce the second release of 2020, Kali Linux 2020.1.2 A quick overview of what’s new since January: KDE Plasma Makeover & Login PowerShell by Default. Kind of. Kali on ARM Improvements Lessons From The Installer Changes New Key Packages & Icons Behind the Scenes,...
Tokyo Olympics Postponed, But 5G Security Lessons Shine
The 2020 Summer Olympics in Tokyo were officially postponed this week amid the ongoing, pandemic spread of the coronavirus that causes COVID-19. The Games will be moved to 2021, but in the meantime, technological innovation around the event will continue. More specifically, postponed or not, the...
Misleading cybersecurity lessons from pop culture: how Hollywood teaches to hack
In pop culture, cybercrimes are often portrayed as mysterious and unrealistic. Hackers are enigmatic and have extraordinary tech abilities. They can discover top secrets in a short time and type at breakneck speed to hack into a database. In real life, though, hacking is not that straightforward...
Report to Your Management with the Definitive ‘IR Management and Reporting’ presentation Template
The realistic approach to security is that incidents occur. While ideally, the CISO would want to prevent all of them, in practice some will succeed to a certain degree—making the ability to efficiently manage an incident response process a mandatory skill for any CISO. Moreover, apart from the...
Download: Definitive 'IR Management and Reporting' Presentation Template
The realistic approach to security is that incidents occur. While ideally, the CISO would want to prevent all of them, in practice, some will succeed to a certain degree—making the ability to efficiently manage an incident response process a mandatory skill for any CISO. Moreover, apart from the...
Introducing Cisco Talos Incident Response: Stories from the Field
By Jon Munshaw. As another way of bringing our boots-on-the-ground intelligence to defenders, customers and users, we are introducing a new video series called "Cisco Talos Incident Response: Stories from the Field." In each entry, a CTIR team member will cover one specific incident or lesson tha...
Podcast: What We've Learned from the Year of the Breach
This podcast is sponsored by Arctic Wolf. Large-scale data breaches hitting organizations like Capital One and Georgia Tech in 2019 show that companies continue to be targeted in malicious cyberattacks that expose customers’ personal data and valuable records. Threatpost host Cody Hackett sat dow...
Art Imitates Life: Lessons from the Final Season of Mr. Robot
Fair warning: if you aren’t caught up, there are spoilers for the first episode of the final season of Mr. Robot below. It’s an alien sensation to be watching the fourth and final season of Mr. Robot as a civilian: having worked as a technical consultant for the first three seasons of the show,...
WAF-Based Attacks & The Future of Security
Understand WAFs and cybersecurity. Recent WAF-based breaches with CapitalOne, Imperva, and Cloudflare offer essential lessons we can learn from where WAF technology is failing us and what can we do to improve our security. The post WAF-Based Attacks & The Future of Security appeared first on...
New Presentation Template: Incident Response Reporting for Management
Every security professional knows it’s only a matter of time before their organization is breached. And even though most security-conscious organizations have implemented procedures and products to facilitate the incident response process, many security decision-makers find much more of a challen...
When Checking the Box Results in Two Zero Days and Root (CVE-2019-14257 and CVE-2019-14258)
Finding new bugs and exploiting them can be exciting and fun for a penetration tester. I was ecstatic to find my first two zero-days, and I used them to break a system from no access to root. This was a good day for me - but the story behind the story provides some real lessons enterprises can...
Reconstructing SIGSALY
Lessons learned in reconstructing the World War II-era SIGSALY voice encryption system...
Congressional Report on the 2017 Equifax Data Breach
The US House of Representatives Committee on Oversight and Government Reform has just released a comprehensive report on the 2017 Equifax hack. It's a great piece of writing, with a detailed timeline, root cause analysis, and lessons learned. Lance Spitzner also commented on this. Here is my...
Inside MSRC: Sharing Our Story & Customer Tips
For the last 20 years, the Microsoft Security Response Center has been an integral part of Microsoft’s commitment to customer security. We are often called on to talk about the work we do and how customers can apply the lessons we have learned over that period to better their security posture...
Podcast: Breaking Down the COSCO Ransomware Attack
Last week, shipping giant COSCO China Ocean Shipping Company announced it was hit with a ransomware attack that crippled its U.S. operations. The company’s phone and email for its U.S. branch were down for five days, and have now been restored. Threatpost talks to Matt Tyrer with Commvault about...
E-Mail Vulnerabilities and Disclosure
Last week, researchers disclosed vulnerabilities in a large number of encrypted e-mail clients: specifically, those that use OpenPGP and S/MIME, including Thunderbird and AppleMail. These are serious vulnerabilities: An attacker who can alter mail sent to a vulnerable client can trick that client...
A Mirai Botnet Postscript: Lessons Learned
The fall 2016 Mirai botnet compromised more than 300,000 IoT devices as part of a massive DDoS attack. After the crippling attack, Flashpoint and Akamai worked together with law enforcement to help bring those behind the botnet attack to justice. Threatpost’s Tom Spring sits down with Flashpoint’...
Tenable University: Nessus Certificate of Proficiency
Yesterday I finished "Nessus Certificate of Proficiency" learning plan at Tenable University and passed the final test. Here I would like to share my impressions. First of all, few words about my motivation. I use Nessus literally every day at work. So, it was fun to check my knowledge. I already...