10 matches found
avaandmed.rik.ee Improper Access Control vulnerability OBB-3829713
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Xerte 3.9 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Xerte 3.9 - Remote Code Execution RCE Authenticated; Exploit Author: Rik Lutz; Vendor Homepage: https://xerte.org.uk; Software Link: https://github.com/thexerteproject/xerteonlinetoolkits/archive/refs/heads/3.8.5-33.zip; Version: up until version 3.9; Tested on: Windows 10 XAMP; CVE :...
#LetsTalkSecurity: The New Digital Normal
Let's Talk Security: Season 02 // Episode 03: Host, Rik Ferguson, interviews Founder & CEO of MyConnectedHealth, Tyler Cohen Wood. Together they discuss the new digital normal...
#LetsTalkSecurity: Adapt or Die
Let's Talk Security: Season 02 // Episode 02: Host, Rik Ferguson, interviews Forrester Analyst, Allie Mellen. Together they discuss to adapt or die...
#LetsTalkSecurity: Transformational Security
Let's Talk Security: Season 02 // Episode 01: Host, Rik Ferguson, interviews Business Information Security Officer from S&P Global Ratings, Alyssa Miller. Together they discuss transformational security...
CISO MAG Honors KrebsOnSecurity
CISO MAG, a publication dedicated to covering issues near and dear to corporate chief information security officers everywhere, has graciously awarded this author the designation of "Cybersecurity Person of the Year" in its December 2019 issue. KrebsOnSecurity is grateful for the unexpected honor...
Session Cache API - Critical - Multiple vulnerabilities - DRUPAL-SA-CONTRIB-2017-065
This module does not safely deal with serialization. CVE identifiers issued: A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes. Versions affected: Session Cache API 7.x-1.4. Drupal core is not affected. If you do not use the contributed...
Security is Broken
If the events of the last few months have served any purpose, it’s to illustrate once again that security is broken. This isn’t a new sentiment and few of the problems plaguing users and enterprises today are new, either. In this video, longtime security consultant and writer Rik Farrow outlines...
Hackers Plan Christmas Data Attacks via Social Media Apps
Hackers are planning to increase data security attacks via applications on social networking websites this Christmas, according to an expert. Earlier this month, IT security firm Sophos traced the history of malware and viruses created over the Christmas period from 1987 until 2009. The blog post...
Our security model is broken
This Google TechTalk features Rik Farrow, a longtime security consultant and author, discussing the fundamental flaws in the current security model on the Internet and the desktop...