Checkpoint research have published an interesting demonstration of hacking a customer account for an EA online game by chaining together a series of conventional attacks including social engineering, phishing and session high-jacking. What makes this demonstration noteworthy is the use of poor DNS hygiene in order to take control of a subdomain of EA.com. ForRead more
Blog
Formjacking is a type of cyber attack that can be used by an attacker to steal sensitive information that is entered by website users through forms. Most usually this type of attack targets ecommerce sites to obtain payment card details and personal information that are entered by customers; however, Formjacking attacks can target any website whichRead more
A wave of DNS hijack attacks has been sweeping across Europe, the Middle-East and America according to recently published reports from FireEye and Cisco. While the attacks are creative and sophisticated, the root attack vector is often a simple credential compromise to the DNS control panel of an organisation’s domain name registrar. The scale ofRead more
Session Fixation is a type of attack on web application users where an attacker is able to trick a victim into using a Session ID which is previously known to them. When the victim makes use of the known Session ID in their requests to a vulnerable application, the attacker is able to exploit thisRead more
Browser cookies play an important role in nearly all modern websites and applications. From tracking user-interaction through services like Google Analytics, through to maintaining the state of customer shopping carts in eCommerce applications. Cookies can also contain session tokens for web applications to ensure that user sessions are maintained between browser page refreshes. Although securityRead more
