Access control is a critical aspect of ensuring the security of web applications. Broken access control vulnerabilities can lead to unauthorized access, data disclosure…
Tag: intelligence
Broken Access Control
Access control is a critical aspect of ensuring the security of web applications. Broken access control vulnerabilities can lead to unauthorized access, data disclosure…
Insecure Design – VIDEO
Insecure design and architectural flaws are a new category of risks for 2021, and it is crucial to move beyond “shift-left” in the coding space to pre-code activities critical for the principles…
Injection – VIDEO
Injection attacks pose a significant security threat to modern applications, with SQL, NoSQL, OS command, ORM, LDAP, and EL or OGNL injection being the most common types. Developers and organizations can prevent…
Broken Access Control – VIDEO
Access control is a critical aspect of ensuring the security of web applications. Broken access control vulnerabilities can lead to unauthorized access, data disclosure, and other malicious activities. In the OWASP Top…
Evilextractor: Malware Disguised as Education
A new malware called Evilextractor is being marketed as an educational tool but is being used by threat actors to steal data and files from Windows systems. It contains several modules that…
Bumblebee Malware Targeting Corporate Software
A dangerous malware named Bumblebee is being distributed through Google ads and SEO poisoning that promote popular corporate software such as Citrix Workspace, Cisco AnyConnect, ChatGPT, and Zoom. Bumblebee is a malware…
Unix ‘sudo’ Vulnerability Discovered
Security researchers have discovered a vulnerability in the Unix-based “sudo” command, which allows users to execute commands with root privileges on a Unix-based system. The vulnerability, named CVE-2023-22809, affects sudo versions ≥…
Iran-Linked Group Attacks US Infrastructure
The Iranian government-linked actor, Mint Sandstorm, has been linked to a series of attacks on critical infrastructure in the US from late 2021 to mid-2022, according to the Microsoft Threat Intelligence team…
New updates to VM2 JavaScript vulnerability library
New updates have been released for the vm2 JavaScript library in response to two severe vulnerabilities that could be exploited to escape the sandbox. Both flaws, referred to as CVE-2023-29199…