200 matches found
XSS Vulnerability in JIRA Issue Export
A search endpoint is vulnerable to an XSS injection in certain cases. Normally, the browser will urlencode its requests, but some proxy servers and load balancers will decode URL data by default. see http://stackoverflow.com/questions/31266629/nginx-encoding-normalizing-part-of-uri...
XSS Vulnerability in JIRA Issue Export
A search endpoint is vulnerable to an XSS injection in certain cases. Normally, the browser will urlencode its requests, but some proxy servers and load balancers will decode URL data by default. see http://stackoverflow.com/questions/31266629/nginx-encoding-normalizing-part-of-uri...
Data Breaches and Credential Stuffing: Don't Get TKOd
It has been a very rough month for the information security community. It feels like we've been on the losing end of a championship fight against Floyd Mayweather. The body shots started with Equifax https://investor.equifax.com/news-and-events/news/2017/09-07-2017-213000628 and continued with...
EternalBlue Exploit Used in Retefe Banking Trojan Campaign
Criminals behind the Retefe banking Trojan have added a new component to their malware that uses the NSA exploit EternalBlue. The update makes Retefe the latest malware family to adopt the SMBv1 attack against a patched Windows vulnerability, and could signal an emerging trend, said researchers a...
[SECURITY] Fedora 25 Update: wget-1.18-3.fc25
GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest wit...
Run HTTP Flood DDoS Attacks: Wreckuests
Stress Testing: Run HTTP Flood DDoS Attacks Wreckuests is a script, which allows you to run DDoS attacks with HTTP-floodGET/POST. It’s written in pure Python and uses proxy-servers as “bots”. This script is published for educational purposes only! Features Cache bypass with random ?abcd=efg...
XSS Vulnerability in jira.issueviews:searchrequest-xml
The endpoint /sr/jira.issueviews:searchrequest-xml/temp/SearchRequest.xml/|https://jira.uberinternal.com/sr/jira.issueviews:searchrequest-xml/temp/SearchRequest.xml/-- is vulnerable to an XSS injection in certain cases. Normally, the browser will urlencode its requests, but some proxy servers and...
Details Around Romanian Phishing Kit Creator, Campaign Revealed
Researchers explained how they traced a cybercriminal’s tracks through a series of proxies, compromised web servers, and poorly secured routers. The suspect hasn’t been apprehended yet, but could be behind a larger campaign, they said. Peter Kruse and Jan Kaastrup, researchers with Denmark’s CSIS...
UBUNTU-CVE-2016-8743
Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-en...
Using VPN in the UAE? You'll Be Fined Up To $545,000 If Get Caught!
If you get caught using a VPN Virtual Private Network in Abu Dhabi, Dubai and the broader of United Arab Emirates UAE, you could face temporary imprisonment and fines of up to $545,000 Dhs2 Million. Yes, you heard that right. Online Privacy is one of the biggest challenges in today's interconnect...
[SECURITY] Fedora 22 Update: wget-1.18-1.fc22
GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest wit...
Underground Market Selling Cheap Access to Hacked Servers
Criminals and advanced attackers for two years have had at their disposal an extensive trading platform selling access to hacked servers worldwide. For as little as $6 USD, attackers can purchase access to a compromised machine and launch attacks or get a one-time peek at all the data on a server...
[SECURITY] Fedora 22 Update: wget-1.16.3-2.fc22
GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest wit...
[SECURITY] Fedora 23 Update: wget-1.17-1.fc23
GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest wit...
Researchers Disrupt Angler Exploit Kit, $60 Million Ransomware Campaign
Researchers took a big step towards eradicating the Angler exploit kit, disrupting a large ransomware campaign connected to it that purportedly netted a hacker more than $30 million annually. According to a report published today, experts with Cisco’s Talos Security Intelligence and Research Grou...
CVE-2015-5912
The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses...
Design/Logic Flaw
The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses...
Code injection
The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response...
CVE-2015-5841
The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response...
Double the bang for your buck with Acunetix Vulnerability Scanner
Acunetix have announced that they are extending their current free offering of the network security scan, part of their cloud-based web and network vulnerability scanner. Those signing up for a trial of the online version of Acunetix vulnerability scanner will now be able to scan their perimeter...