OWASP TOP 10: Broken Access Control
Update: Broken Access Control is proposed to be number one on the new OWASP Top 10 list of 2021. The group found that 94% of…
Month: May 2023
Scaling & Prioritizing Product Security with Zendesk
Zendesk, Inc. (NYSE: ZEN) is one of the fastest-growing customer support platforms in the world. With over 150,000 customer accounts representing nearly every industry across…
Ex-Uber CSO Avoids Prison Time for Concealing Data Breach
On Wednesday, an ex-Uber CSO was found guilty of federal charges related to payments he secretly approved to hackers who broke into the ride-hailing company…
OWASP TOP 10: XXE – Detectify Blog
Update: The new OWASP Top 10 of 2021 has been proposed, and the new list has moved XXE into the Security Misconfigurations group and ranks…
Twitter says ‘security incident’ exposed private Circle tweets
Twitter disclosed that a ‘security incident’ caused private tweets sent to Twitter Circles to show publicly to users outside of the Circle. Twitter Circle is…
New PaperCut RCE exploit created that bypasses existing detections
A new proof-of-concept (PoC) exploit for an actively exploited PaperCut vulnerability was released that bypasses all known detection rules. The PaperCut vulnerability, tracked as CVE-2023-27350, is…
Juneteenth: HackerOne’s Day for Action
Starting this Friday, June 19th will become HackerOne’s annual Day for Action. For Black Americans and communities of color around the globe, Juneteenth is a…
Over 2 Million WordPress Websites Exposed to XSS Attacks
Patchstack security researchers recently warned that ‘Advanced Custom Fields’ and ‘Advanced Custom Fields Pro’ WordPress plugins are at risk of cross-site scripting attacks (XSS). These…
Drupalgeddon 2.0 (CVE-2018-7600) – Detectify Blog
On March 28th, Drupal released a security update that fixes a critical remote code execution vulnerability nicknamed Drupalgeddon 2.0. Detectify scans your site for this…
Russian ‘Ghost Ships’ Identified Near the Nord Stream Blasts
In December 2020, security giant Mandiant revealed it had been hacked. Its disclosure was the first public sign of the SolarWinds hack, a Russian-orchestrated supply chain…
Announcing the PlayStation Bug Bounty Program
This guest post is authored by Geoff Norton, Senior Director Software Engineering at PlayStation, and was originally published on PlayStation’s blog. At PlayStation, we are…
Dragon Breath APT Group Using Double-Clean-App Technique to Target Gambling Industry
May 06, 2023Ravie LakshmananAdvanced Persistent Threat An advanced persistent threat (APT) actor known as Dragon Breath has been observed adding new layers of complexity to…