eBook: Security Compliance for CISOs
Security compliance often feels like the ever-present task that looms over every angle of your role as Chief Information Security Officer. Yet, regardless of the…
Month: April 2023
Reflected Cross-Site Scripting in cPanel (CVE-2023-29489) – Assetnote
Summary A reflected cross-site scripting vulnerability can be exploited without any authentication in affected versions of cPanel. The XSS vulnerability is exploitable regardless of whether…
CISOs struggle to manage risk due to DevSecOps inefficiencies
As their hybrid and multicloud environments become more complex, and teams continue to rely on manual processes that make it easier for vulnerabilities to slip…
Fake Flipper Zero sellers are after your money
Flipper Zero units are being sold on sites not recognized by developers. Stay away! Thanks to Malwarebytes’ Stefan Dasic who provided the research and screenshots…
How to Use Bug Bounty Program Data to Improve Security and Development
At HackerOne’s 2021 Security@ conference, two experienced HackerOne program managers, Allie Lugton and Denzel Duncan held a session on tracking and interpreting data from bug…
Decoy dog toolkit plays the long game with Pupy RAT
We take a look at the discovery of a long running malware toolkit campaign evading detection through its use of DNS. Researchers at Infoblox have…
How to “winterize” and secure your eCommerce website for the holidays
With online retailers and shoppers busy focusing on the upcoming holiday shopping season, cybercriminals are on the hunt for unsuspecting victims to defraud. Don’t worry;…
APC warns about critical vulnerabilities in online UPS monitoring software
In a security notification, APC has warned home and corporate users about critical vulnerabilities in the software used to monitor and control their UPS systems…
Finding XSS in a million websites (cPanel CVE-2023-29489) – Assetnote
cPanel is a web hosting control panel software that is deployed widely across the internet. To be exact, there are about ~1.4 million installations of…
Hacking PrestaShop based eCommerce websites using flaws with CVSS score of 9.9
The fast-paced modern world has made online shopping and selling an essential component of our everyday life. PrestaShop has distinguished itself as the foremost Open…
Update your PaperCut application servers now: exploits in the wild
We take a look at urgent updates needed for users of PaperCut, after two exploits were found in the wild. PaperCut, maker of print management…
Bug Bounty vs. VDP | Which Program Is Right for You?
What Are the Key Differences between Bug Bounty and VDPs? A VDP is a structured method for third parties, researchers, and ethical hackers to report…