vBulletin zero-day exploited in the wild in wake of exploit release
An anonymous bug hunter has released a working and elegantly simple exploit for a pre-authentication remote code execution flaw (CVE-2019-16759) affecting vBulletin and it …
web application security
Imperva discloses security incident affecting Cloud WAF customers
Imperva, the well-known California-based web application security company, has announced that it has suffered a “security incident” involving its Cloud Web …
Securing modern web apps: A case for framework-aware SAST
If you were to write a web application entirely by yourself, it would be a rather daunting task. You would need to write the UI elements from lower-level APIs, set up and …
Finance knocks business and professional services off top spot in four most attacked industries
Finance is the most attacked sector in EMEA, accounting for 30% of all attacks – compared to 17% globally, according to NTT Security. It knocks business and professional …
Identify web application vulnerabilities and prioritize fixes with Netsparker
In this Help Net Security podcast, Ferruh Mavituna, CEO at Netsparker, talks about web application security and how Netsparker is helping businesses of any size keep their web …
Most Magento shops get compromised via vulnerable extensions
Vulnerable third party extensions (modules) are now the main source of Magento hacks, says security researcher and Magento forensics investigator Willem de Groot. “The …
IIS attacks surge from 2,000 to 1.7 million over last quarter
IIS, Drupal, and Oracle WebLogic web technologies experienced increased attacks in Q2 2018. According to a new threat report from eSentire, IIS attacks showed a massive …
DevOps and digital transformation initiatives are creating insecure apps
WhiteHat Security released its 2018 Application Security Statistics Report, “The Evolution of the Secure Software Lifecycle,” which identifies the security vulnerabilities and …
The ultimate fallout from the Facebook data breach could be massive
Less than a week ago, Facebook announced that unknown attackers have managed to string together three bugs affecting the social media platform, which allowed them to steal …
Python-based attack tools are the most common vector for launching exploit attempts
Hackers have an obvious predilection for Python-based attack tools, says Imperva. “When examining the use of Python in attacks against sites we protect, the result was …
Qualys Community Edition: Discover IT assets, manage vulnerabilities, scan web apps
In this podcast recorded at Black Hat USA 2018, Anthony Mogannam, Product Manager, SME/SMB Solutions at Qualys, talks about issues related to open source software and Qualys …
Access misconfiguration opens 3D printers to remote attacks
Spurred by a report coming from a regular reader, SANS ISC handlers Richard Porter and Xavier Mertens searched for OctoPrint interfaces for 3D printers exposed online and …