When I was a little girl, I loved playing Where in the World is Carmen Sandiego? and Where in Time is Carmen Sandiego? When my father bought me the MS-DOS versions of those games, I thought it was really cool that each game came with a reference book, The […]
In this part of the Website Hacking series we are going to take a look at how to minimize the damage from XSS attacks, considering that our web application can at some point become vulnerable to this type of attack (HttpOnly cookies are going to be discussed). We are going to […]
A file inclusion vulnerability allows an attacker to access unauthorized or sensitive files available on the web server or to execute malicious files on the web server by making use of the ‘include’ functionality. This vulnerability is mainly due to a bad input validation mechanism, wherein the user’s input […]
Sony Pictures corporate network compromised by a major cyber attack
At the end of November, computer systems on the corporate network of Sony Pictures were breached and taken offline by a malware-based attack. TheNextWeb portal was one of the first outlets to publish the news. Sony Pictures Entertainment manages distribution of […]
On October 6th 2014, buzzfeed.com published a report stating that Titan, a company controlling a number of New York City’s phone booth advertising displays, installed tiny wireless devices called beacons in hundreds of phone booths. The beacons pinged out a Bluetooth signal that could be received by mobile […]
The software industry is relentlessly moving toward centralized computing. Due to this trend, software and data are being taken away from conventional computers and positioned in public or private clouds instead. However, Microsoft has been entering into virtual cloud ambience since 2008, by introducing its consumer cloud services […]
You have (probably more than once in your life) keyed in a familiar domain name and ended up in an entirely different page that was not even close to what you had expected. Chances are that you never even noticed the abnormality and you went ahead retyping the domain […]
We have already discussed in my previous articles how to configure Mod Security Firewall with OWASP rules and also analysed the different types of logs which Mod Security generates. While analysing the logs, we have seen that the OWASP rules generate a lot of false positive results, as these […]
In this article, we will dive into the concept of WebSocket introduced in HTML 5, security issues around the WebSocket model, and the best practices that should be adopted to address security issues around WebSocket. Before going straight to security, let’s refresh our concepts on WebSocket.
Why Websocket and Not […]
In the previous article, we had an introduction on how to analyze Android application specific data using Android backup techniques. This article builds on the previous article. We are going to see how local data storage or basic checks that are performed on a local device can be exploited […]
Investments in cybersecurity and physical security are proportionally connected to your organization’s improved financial picture for a long-term perspective. Our digital lives are getting smaller as technology simplifies our communications, but cyber attacks are also prevalent. While the Internet radically changes the way organizations operate globally, from handling sensitive […]
In all of our previous articles so far in this series, we discussed all the examples only on rooted devices and emulators. Generally, there are people who argue that it is not possible to exploit certain vulnerabilities such as insecure data storage on non-rooted devices. In this article, we […]
Regin, a highly advanced spying tool
A few weeks ago, the security firm Symantec published the results of its investigation into the Regin backdoor, a highly advanced spying tool used in cyber espionage campaigns against governments, private companies, researchers, private individuals and infrastructure operators worldwide. Regin is considered much more than […]
The era of spear phishing and the waterhole attack, which uses social engineering, has come to an end. Hackers are now moving their tricky brains towards targeted Malvertising — a type of attack that uses online advertising to spread malware. A recent campaign termed “Operation death click” displays a […]
It is true that Java cannot take credit in being among the safest options to use online, due to the vulnerabilities that emerge within its applications on a regular basis. Third-party code libraries are used for enriching Java, and this is the major reason why such an environment is […]
Recently, the Norse DarkWolf Labs noted that the IP address 126.96.36.199 had jumped into the top quadrant for malicious activity. Investigation into the activity and the IP itself highlights the many challenges in accurately attributing such events to known actors, as illustrated in this article.
The IP – assigned to […]
In this article series, we will look at the various concepts of Android application security while exploiting a vulnerable app, InsecureBankv2. We will be looking at all the concepts from a noob’s perspective, and hence I would recommend this blog series to beginners as well.
The first thing to do […]
US critical infrastructure under attack
US authorities are warning companies operating in every industry of a significant increase in the number of cyber attacks that target US critical infrastructures every day.
State-sponsored hackers and cyber criminals are constantly targeting control systems and other vital components present in critical infrastructures. The energy […]
Establishing a penetration testing methodology is becoming increasingly important when considering data security in web applications. The more we come to rely on networked communication and cloud-based data systems, the more we leave ourselves vulnerable to potentially damaging cyber attacks by outside parties.
While designing and safeguarding secured systems has […]
A mythological three-headed dog was supposed to guard the gates of Redmond. But it turns out that Kerberos was very poorly implemented in numerous versions of Microsoft Windows.
On November 18th, Microsoft released a crucial security bulletin. A severe vulnerability existed in Windows that can be exploited for privilege escalation […]