Blog

Is Zoom safe?

Following lockdowns and work from home protocols across the world, there’s one software that’s seen a boom in the past month. Zoom reportedly grew X since XY. But you probably knew that already. After all, it was hard to avoid people posting screenshots of their Zoom conversations all over social media. As such, it should also come as no surprise that Zoom is raising some serious security...

Hackers Created Thousands of Coronavirus (COVID-19) Related Sites As Bait

As the world comes to grips with the coronavirus pandemic, the situation has proven to be a blessing in disguise for threat actors, who've taken advantage of the opportunity to target victims with scams or malware campaigns. Now, according to a new report published by Check Point Research today and shared with The Hacker News, hackers are exploiting the COVID-19 outbreak to spread their own...

What Are JSON Injections

The term JSON injection may be used to describe two primary types of security issues. Server-side JSON injection happens when data from an untrusted source is not sanitized by the server and written directly to a JSON stream. Client-side JSON injection happens when data from an untrusted JSON source is not sanitized and parsed directly using the JavaScript eval function.

What Is JSON

JSON (JavaScript...

7 Steps to Avoid Uncoordinated Vulnerability Disclosure

Imagine the following situation. You work as a security manager for a company that owns the website www.example.com. One day, your sales department receives an email from an unknown individual. The sales department forwards it to you. The email has the following content: You example.com/login.php page break Send XSS </script><img/%00/src="worksinchrome:prompt(1)"/%00/onerror=’eval(src)’><img/ src=`~`...

Session Hijacking and Other Session Attacks

Session IDs are a tasty treat for malicious hackers. Once an attacker gets their hands on a session ID, they can get unauthorized access to a web application and fully impersonate a valid user. In general, there are three primary methods to obtain a valid session ID: guessing a valid session ID (session prediction); creating a valid session ID and tricking the user into using it (session fixation); obtaining a valid...
