Re: Checking existence of firewalled URLs via javascript’s script.onload
Posted by Jonathan Gregson via Fulldisclosure on Apr 28 Hi Georgi, As you suggested, this is a CSRF attack. Using such techniques to attack or...
Minecraft Clones with 35 Million Installs Contained Adware
McAfee discovered HiddenAds Trojan inside 38 copycat mobile games
“Ashamed” LockBit ransomware gang apologises to hacked school, offers free decryption tool
Is it possible ransomware gangs actually do have a heart? Read more in my article on the Hot for Security blog.
CVE-2020-4729
IBM Counter Fraud Management for Safer Payments 5.7.0.00 through 5.7.0.10, 6.0.0.00 through 6.0.0.07, 6.1.0.00 through 6.1.0.05, and 6.2.0.00 through 6.2.1.00 could allow an authenticated attacker...
Many Public Salesforce Sites are Leaking Private Data
A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity...
Top 10 Malware Q1 2023
In Q1 2023, the quarterly Top 10 Malware remained consistent with the previous quarter, with the majority of malware switching spots.
USN-6047-1: Linux kernel vulnerability
It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker...
#RSAC: AI Dominates RSA as Excitement and Questions Surround its Potential in Cybersecurity
AI tooling was one of the most dominant topics of conversation at RSA 2023 but there is still a long way to go in terms...
CVE-2022-25091
Infopop Ultimate Bulletin Board up to v5.47a was discovered to allow all messages posted inside private forums to be disclosed by unauthenticated users via the...
#RSAC: Organizations Warned About the Latest Attack Techniques
A range of experts provide insights into new techniques being used by cyber-threat actors