The Resurrection of PHPUnit RCE Vulnerability
Once a software patch is released, we tend to believe it means “problem solved”. Most of the time, however, this is not actually the case. Fully solving the problem requires all developers to grab the latest patch version and deploy it in their environment. Since upgrading isn’t an especially...
BitDam Study Exposes High Miss Rates of Leading Email Security Systems
Imagine receiving an email from US VP Mike Pence's official email account asking for help because he has been stranded in the Philippines. Actually, you don't have to. This actually happened. Pence's email was hacked when he was still the governor of Indiana, and his account was used to attempt t...
CryptonDie - A Ransomware Developed For Study Purposes
CryptonDie is a ransomware developed for study purposes. Options: --key key used to encrypt and decrypt files, default is random string (recommended); --dir Home directory for the attack, default is /; --encrypt Encrypt all files; --decrypt Decrypt all files; --verbose Active verbose mode, default is Fal...
A week in security (August 26 – September 1)
Last week on Malwarebytes Labs, we analysed the Android xHelper trojan, we wondered why the Nextdoor app would send out letters on behalf of their customers, reported about a study that explores the clickjacking problem across top Alexa-ranked websites, wondered how to get the board to invest in...
Breached Passwords Still in Use By Hundreds of Thousands
Hundreds of thousands of web visitors continue utilizing passwords that have previously been compromised. Worse, they are reusing the breached credentials for some of their most sensitive financial, government and email accounts. That’s according to a new Google study released this week, which wa...
Research on Human Honesty
New research from Science: "Civic honesty around the globe": Abstract: Civic honesty is essential to social capital and economic development, but is often in conflict with material self-interest. We examine the trade-off between honesty and self-interest using field experiments in 355 cities...
Programmers Who Don't Understand Security Are Poor at Security
A university study confirmed the obvious: if you pay a random bunch of freelance programmers a small amount of money to write security software, they're not going to do a very good job at it. In an experiment that involved 43 programmers hired via the Freelancer.com platform, University of Bonn...
Friday Squid Blogging: Squid Proteins Can Be an Alternative to Plastic
Is there anything squids aren't good for? Academic paper. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Joomla SermonSpeaker 5.9.0 Database Disclosure / SQL Injection
Exploit Title : Joomla SermonSpeaker 5.9.0 SQL Injection / Database Disclosure Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 12/02/2019 Vendor Homepage : sermonspeaker.net Software Download Link : github.com/Bakual/SermonSpeaker/archive/master.zip...
How CB LiveOps Helps with Incident Response
Security and IT Operations teams often have no reliable way to assess the current state of endpoints across their enterprise, leading to increased risk of breach, inability to make informed remediation decisions, and unnecessary spending on infrastructure maintenance. A real-time endpoint query a...
DuckDuckGo study claims Google Incognito searches are not private
By Waqas. Study: Google offers customized search results even in Incognito Mode. DuckDuckGo claims that Google's search results aren't just based on your location data and previous searches normally but also when you are logged out or browsing in incognito mode. It's a fact that offering...
estudanteinternacional.ulisboa.pt Improper Access Control vulnerability
Open Bug Bounty ID: OBB-673032

| Description | Value |
|---|---|
| Affected Website: | estudanteinternacional.ulisboa.pt |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | IAC Improper Access Control / CWE-284 |
| CVSSv3 Score: | ... |
Cryptomining scripts will be blocked in upcoming versions of Firefox browser
By Waqas. In all future versions of the Firefox web browser, cryptojacking malware will be blocked. Mozilla, the company behind the Firefox browser, announced on August 30 that it is launching an anti-tracking initiative, which will be implemented broadly over the next few months. Firefox has cite...
Rosenbridge - Hardware Backdoors In Some X86 CPUs
project:rosenbridge reveals a hardware backdoor in some desktop, laptop, and embedded x86 processors. The backdoor allows ring 3 userland code to circumvent processor protections to freely read and write ring 0 kernel data. While the backdoor is typically disabled, requiring ring 0 execution to...
Cybersecurity Certifications: Why They Matter and How to Know Which Ones To Pursue
Whether you’re just starting off in the cybersecurity field or are already working as a security professional, there are many certifications for you to consider across various specializations and difficulty levels. Not to mention certifications covering a range of disciplines and emerging securit...
ThreatList: A Ranking of Airports By Riskiest WiFi Networks
With time to spare at an airport, fliers don’t think twice about cracking open their laptops and taking advantage of one of many free WiFi hotspots. But they should, warns Coronet. Coronet, which sells wireless network security products, recently published its list of best and worst airport WiFi...
Recovering Keyboard Inputs through Thermal Imaging
Researchers at the University of California, Irvine, are able to recover user passwords by way of thermal imaging. The tech is pretty straightforward, but it's interesting to think about the types of scenarios in which it might be pulled off. Abstract: As a warm-blooded mammalian species, we huma...
study.sweden.cn XSS vulnerability
Open Bug Bounty ID: OBB-629577

| Description | Value |
|---|---|
| Affected Website: | study.sweden.cn |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |
Customer data & marketing operations: Keeping your data safe on the journey to GDPR compliance
Emails. Web forms. Events. Oh my! These marketing tactics are all designed to gather, store, and evolve relationships with your prospects, customers, and partners. Oftentimes, they are the first point of contact for your organization from the outside world, and they all feed into your marketing...
[Citrix Gateway Trace Study] – LDAP Authentication
This trace study looks at how LDAP authentication to the Citrix Gateway works, using a user called "garyca" as an example. This example trace was carried out in a practice lab environment with the following IP addresses: VIP: 10.90.33.172, NSIP: 10.90.41.200, SNIP: 192.168.0.2, LDAP/AD server: 192.168.0...