India’s SpiceJet Strands Planes After Being Hit By Ransomware Attack
SpiceJet planes have been stranded following a ransomware attack on Tuesday.
USN-5449-1: libXv vulnerability
It was discovered that libXv incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute...
CVE-2021-4231
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to...
CVE-2021-34360
A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject...
Ransomware demands acts of kindness to get your files back
The great thing about working in the world of cybersecurity is that there’s always something new. You may think you’ve seen it all, and then...
Using 2FA phone numbers for targeted advertising. One of the dumbest ways ever for a company to abuse its users’ trust. Take a bow, Twitter. And have a $150 million fine too.
Twitter has been fined $150 million for using phone numbers submitted by users to boost their security... for targeted advertising.
CWE-99 – Improper Control of Resource Identifiers (‘Resource Injection’)
Description: The software receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an...
CWE-98 – Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’)
Description: The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require,"...
CWE-97 – Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
Description: The software generates a web page, but does not neutralize or incorrectly neutralizes user-controllable input that could be interpreted as a server-side include (SSI)...
CWE-96 – Improper Neutralization of Directives in Statically Saved Code (‘Static Code Injection’)
Description: The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before inserting the input into an...
