Security

DoS flaw lets attackers crash NodeJS apps via DNS lookups 1 min read

• News
• Security

DoS flaw lets attackers crash NodeJS apps via DNS lookups

Ax Sharma November 20, 2020

NodeJS has released fixes for CVE-2020-8277, a DoS vulnerability that could be triggered via DNS requests.... Read More

Drupal fixes critical Remote Code Execution vulnerability, patch now 2 min read

• News
• Security

Drupal fixes critical Remote Code Execution vulnerability, patch now

Ax Sharma November 20, 2020

Development team behind Drupal, a popular CMS and blogging platform has issued patches for a remote code execution vulnerability, CVE-2020-13671.... Read More

Newly spotted Ethereum vulnerabilities put $1 billion at stake 2 min read

• News
• Security

Newly spotted Ethereum vulnerabilities put $1 billion at stake

Ax Sharma November 16, 2020

Researchers have discovered multiple serious vulnerabilities in Ethereum putting cryptocurrency worth million of dollars at risk... Read More

Tips to prevent malware from infecting your system 4 min read

• Editor's Pick
• Security

Tips to prevent malware from infecting your system

Jack Warner November 11, 2020

With work-from-home on the rise, what are some malware types to look out for? And, what are some best practices to safeguard yourself from cyberattacks?... Read More

SaltStack discloses critical bugs on Election Day 2 min read

• News
• Security

SaltStack discloses critical bugs on Election Day

Ax Sharma November 4, 2020

SaltStack has publicly disclosed 3 vulnerabilities that had been impacting Salt instances for some time. Two of these have been rated as High or Critical.... Read More

Lacework tracks Moobot: botnet that targets vulnerable Docker APIs 2 min read

• Security

Lacework tracks Moobot: botnet that targets vulnerable Docker APIs

Security Report News October 22, 2020

There is an abundance of Mirai-based botnets in the wild however “Moobot”, which targets vulnerable Docker APIs, recently showed up on our radar. This blog... Read More

Bug bounty programs don’t always pay up: researchers 4 min read

• News
• Security

Bug bounty programs don’t always pay up: researchers

Ax Sharma October 21, 2020

It is worth noting that critical exploits could sell on the darknet for far worth more than what a nominal bounty payout may entail. Earlier this year, a Zoom zero-day exploit was being sold for $500,000.... Read More

Palo Alto Networks researcher discovers Linux privilege escalation vulnerability 2 min read

• News
• Security

Palo Alto Networks researcher discovers Linux privilege escalation vulnerability

Ax Sharma October 12, 2020

A privilege escalation vulnerability had been lurking in the Linux kernel all this time until being discovered by a Palo Alto Networks researcher last week.... Read More

Office 365 phishing page evades detection using Google captcha 3 min read

• News
• Security

Office 365 phishing page evades detection using Google captcha

Ax Sharma October 5, 2020

A newly discovered Microsoft Office 365 phishing campaign makes the recipient solve Google reCaptchas to both add some legitimacy to itself and evade detection systems.... Read More

Gravatar API lets you scrape millions of user profiles 2 min read

• Security
• Technology
• Thoughts

Gravatar API lets you scrape millions of user profiles

Ax Sharma October 4, 2020

Italian security researcher, Carlo Di Dato discovered that the hidden URL API routes as those shown below can allow a web scraper or bot to enumerate every single Gravatar profile and collect its public data.... Read More