The CWE top 25 is a list of the most common software defects that give rise to CVE being reported. Mitre, the organisation behind the Common Vulnerabilities and Exposures database, has scanned some 25,000 CVE reports logged within their database and the NIST National Vulnerability Database in order to compile the list for 2019. ByRead more
Blog
Vulnerability scanners are tool that identify mis-configured or flawed devices and systems on your network that could be exploited by attackers in order to gain access to your data and systems. In order to successfully infiltrate access your network, an attacker has two questions they want answered: What software and devices are used on theRead more
Atlassian has released new versions of Jira Server and Jira Data Centre that address a critical vulnerability which has lived in the code for almost 8 years. The vulnerability, CVE-2019-11581 is a server-side template injection vulnerability. According to the security advisory from Atlassian: There was a server-side template injection vulnerability in Jira Server and Data Center,Read more
Software Supply chain attacks – do you know what you are importing? Many websites and applications routinely import additional code modules from external repositories. These could be javascript libraries for a webpage or source code for an application. Two recent incidents illustrate the risks of supply chain attacks against the code of your applications andRead more
Checkpoint research have published an interesting demonstration of hacking a customer account for an EA online game by chaining together a series of conventional attacks including social engineering, phishing and session high-jacking. What makes this demonstration noteworthy is the use of poor DNS hygiene in order to take control of a subdomain of EA.com. ForRead more
Formjacking is a type of cyber attack that can be used by an attacker to steal sensitive information that is entered by website users through forms. Most usually this type of attack targets ecommerce sites to obtain payment card details and personal information that are entered by customers; however, Formjacking attacks can target any website whichRead more
A wave of DNS hijack attacks has been sweeping across Europe, the Middle-East and America according to recently published reports from FireEye and Cisco. While the attacks are creative and sophisticated, the root attack vector is often a simple credential compromise to the DNS control panel of an organisation’s domain name registrar. The scale ofRead more
Session Fixation is a type of attack on web application users where an attacker is able to trick a victim into using a Session ID which is previously known to them. When the victim makes use of the known Session ID in their requests to a vulnerable application, the attacker is able to exploit thisRead more
Browser cookies play an important role in nearly all modern websites and applications. From tracking user-interaction through services like Google Analytics, through to maintaining the state of customer shopping carts in eCommerce applications. Cookies can also contain session tokens for web applications to ensure that user sessions are maintained between browser page refreshes. Although securityRead more
