
An information disclosure vulnerability has been patched in Ninja Forms, the form-building plugin for WordPress with more than one million active installations. An authenticated attacker who abuses the flaw could export personal data submitted to websites via forms built with the extension. The plugin’s developer, Saturday Drive, addressed the flaw in version 3.5.8, which […]
Qualys, a leading provider of disruptive cloud-based IT, security, and compliance solutions, announced the availability of its Ransomware Risk Assessment Service to provide companies with visibility into their ransomware exposure and automate the patching and configuration changes needed to reduce risk immediately. Unpatched vulnerabilities, device misconfigurations, internet-facing assets, and unauthorized […]
A novel alternative to traditional HTTP request smuggling that spotlighted an obsolete, hitherto obscure protocol has been recognized as 2020’s top web hacking technique. HTTP/2 cleartext (H2C) smuggling abuses H2C-unaware front-ends to create a tunnel to backend systems, enabling attackers to bypass frontend rewrite rules and exploit internal HTTP headers. Conceptually similar to, […]
ionCube is a commercial software suite consisting of a PHP encoder, package foundry, bundler, a real-time site intrusion detection and error reporting application, as well as a loader. The PHP encoder is an application for PHP software protection, used to secure, encrypt and license PHP source code. The ionCube loader is an extension used […]
As Linux system admins we regularly face low disk space issues. By implementing user and group disk quotas on the file system we can keep the problem under control. A quota restricts users to their allowed disk space and inodes on a particular file system. In this post we […]
When performing an intrusion test or a Red Team operation, multiple tools (webshells, SOCKS proxies to tunnel TCP traffic over HTTP and pivot, etc.) tend to be deployed on compromised web servers as custom scripts. In some cases these servers may be more or less hardened, making it somewhat difficult to compromise […]
What is Security Testing? Security testing is performed to ensure that the data within an information system is protected and is not accessible to unauthorized users. It protects applications against serious malware and other unanticipated threats that may crash them. Security testing helps to identify all the loopholes […]
What is code injection? Code injection, also called Remote Code Execution (RCE), occurs when an attacker exploits an input validation flaw in software to introduce and execute malicious code. The code is injected in the language of the targeted application and executed by the server-side interpreter for that language – PHP, […]
Every day we hear of a new technological invention — to the extent that many important processes, like bank transactions, information exchanges, and messaging, have all become digital. However, with increased digitization come increased security threats, especially from hackers. When building a system that handles confidential data, you must make sure it […]
Two vulnerabilities have been discovered in the Gutenberg Template Library & Redux Framework plugin. Over 1 million sites are affected. A third-party WordPress Gutenberg Template Library plugin with over a million users was discovered to have two vulnerabilities. Successful exploitation of these vulnerabilities could create an […]