- As a veteran security consultant of 16 years, I have only ever wanted to improve the state of somebody's, anybody's, information security. Admittedly, this is a trivial ambition; however, as lame as it sounds, it is one that has kept me enthused to sleep, eat and breathe 'cyber' for the better part of my…
- The plan was simple… I would change my Skype profile name and picture to be like the Skype Translator bot, and then I'd lure an old friend down a twisted rabbit hole of bot-generated insults, convincing him with every devious reply that neural networks around the world had unanimously come to the same conclusion… that based on…
- The mission was simple: try to gain unauthorised physical access to the client's headquarters and, if successful, identify as much sensitive data as possible without touching the network or computers. Our two-man team consisted of myself and a colleague whom I'll only refer to as "Jellybean". We had 3 days. This is a recounting…
- Operations Security, or OpSec, is a military term for the process of identifying and protecting sensitive information which, if uncovered, would give your adversary an advantage. A familiar real-world example of practising OpSec is shielding your card PIN when you enter it. Applied to the world of cybersecurity, common OpSec examples…
- A SQL injection vulnerability exists in the /qm_adm/qm_export_stats_run.do endpoint of Loway QueueMetrics v19.10.6 and earlier that allows remote authenticated users to execute arbitrary SQL commands via the exportId parameter. The high-severity issue was reported to the vendor, who implemented a fix (version 19.10.21). QueueMetrics users should upgrade to the latest available version. Date Reported…
- A SQL injection vulnerability exists at the /queuemetrics/tpf endpoint in Loway QueueMetrics v19.10.6 (and earlier) that allows remote authenticated users to execute arbitrary SQL commands via the TPF_XPAR1 parameter. The high-severity issue was reported to the vendor, who implemented a fix (version 19.10.21). QueueMetrics users should upgrade to the latest available version. Date Reported…
- When anybody says the word "Phishing" the mind jumps to email-based attacks. We all know the kind: aimed at enticing you to click the link, open the attachment, or follow the instruction. But this is not the only type of phishing you need to be aware of. Another type of phishing attack can be…
- This post is potentially the first in a longer multi-part series; it's going to be informal(ish) and, hopefully, provide a useful read for CISO fledglings, newly christened CEOs, financial managers (who inexplicably also find themselves as the CIO), SaaS startups, and software developers in the process of building the next big thing – the…
- A quick post on how to hinder automated attacks against CloudFlare-protected sites by implementing rate limits. The ability to run an automated attack against a web application is a huge bonus for an attacker. If you remove this capability, an attacker's ability to perform attacks like brute-forcing account passwords, enumerating files and folders, and…
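To make the effect of the rate limit in the post above concrete, here is an added illustration that is not part of the original post and is not CloudFlare's rule syntax or code: a sliding-window limiter keyed on (client IP, path), replayed over constructed sample traffic (an assumed attacker at 203.0.113.10 trying the login form once a second, and an assumed legitimate user at 198.51.100.5). With a hypothetical budget of 5 requests per 60 seconds, 100 attacker attempts yield only 10 that reach the application, while the legitimate user is untouched.

```python
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` requests per `period` seconds for each key
    (here a (client IP, path) pair), tracked with a sliding window.
    Illustrative only; the numbers are assumed, not taken from CloudFlare."""

    def __init__(self, limit, period):
        self.limit = limit
        self.period = period
        self.hits = defaultdict(deque)  # key -> timestamps of recent allowed requests

    def allow(self, key, now):
        window = self.hits[key]
        # Drop timestamps that have aged out of the window.
        while window and now - window[0] >= self.period:
            window.popleft()
        if len(window) >= self.limit:
            return False  # over budget: an edge proxy would answer 429 here
        window.append(now)
        return True


def simulate(requests, limit=5, period=60):
    """Replay (timestamp, client_ip, path) tuples; return (allowed, blocked)."""
    limiter = SlidingWindowLimiter(limit, period)
    allowed = blocked = 0
    for ts, ip, path in requests:
        if limiter.allow((ip, path), ts):
            allowed += 1
        else:
            blocked += 1
    return allowed, blocked


# Constructed sample traffic (not real logs): one IP hammering the login
# form once per second for 100 seconds, and one legitimate user who
# tries twice within the same minute.
ATTACK = [(t, "203.0.113.10", "/login") for t in range(100)]
LEGIT = [(0, "198.51.100.5", "/login"), (30, "198.51.100.5", "/login")]

if __name__ == "__main__":
    print("attacker allowed/blocked:", simulate(ATTACK))   # (10, 90)
    print("legit user allowed/blocked:", simulate(LEGIT))  # (2, 0)
```

The attacker gets five attempts, then is blocked until the oldest ones fall out of the 60-second window, so a 100-attempt password list shrinks to 10 tries per 100 seconds; keying on the path as well as the IP keeps the limit on the login form from throttling the rest of the site.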
- A SQL injection vulnerability at /queuemetrics/tpf in Loway QueueMetrics before 19.04.1 allows remote authenticated attackers to execute arbitrary SQL commands via the TASKS_LIST__pt.querystring parameter. The high-severity issue was reported to the vendor, who implemented a fix. QueueMetrics users should upgrade to the latest available version. Date Reported to Vendor: 16 June 2019. Affected Application: QueueMetrics…
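The three QueueMetrics advisories above all describe the same bug class: a request parameter that ends up inside the SQL text. The following added example, which is not QueueMetrics code and makes no claim about how its endpoints are implemented, shows the class on a constructed SQLite table (a hypothetical `stats` table and a hypothetical export id parameter): the concatenating version lets a parameter such as `2 OR 1=1` or a `UNION` clause change the query, while the fixed version validates the type and binds the value so it is never parsed as SQL.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for a reporting backend."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE stats (id INTEGER PRIMARY KEY, owner TEXT, calls INTEGER);
        INSERT INTO stats VALUES (1, 'alice', 10), (2, 'bob', 25), (3, 'carol', 7);
    """)
    return conn


def export_stats_vulnerable(conn, export_id):
    """Deliberately vulnerable: the parameter is spliced into the SQL text."""
    sql = "SELECT id, owner, calls FROM stats WHERE id = " + export_id
    return conn.execute(sql).fetchall()


def export_stats_fixed(conn, export_id):
    """Validate the type, then bind the value; it is data, not SQL."""
    if not export_id.isdigit():
        raise ValueError("export id must be a non-negative integer")
    return conn.execute(
        "SELECT id, owner, calls FROM stats WHERE id = ?", (int(export_id),)
    ).fetchall()


def fixed_rejects(conn, export_id):
    """True if the hardened function refuses the input."""
    try:
        export_stats_fixed(conn, export_id)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    db = make_db()
    print(export_stats_vulnerable(db, "2"))                 # one row
    print(export_stats_vulnerable(db, "2 OR 1=1"))          # every row
    # UNION lets the attacker run a query of their own choosing.
    print(export_stats_vulnerable(db, "0 UNION SELECT 1, sqlite_version(), 0"))
    print(export_stats_fixed(db, "2"))                      # one row
    print(fixed_rejects(db, "2 OR 1=1"))                    # True
```

Binding alone would already stop the injection; the `isdigit()` check on top of it also gives the caller a clean error for malformed ids instead of a silent empty result. Python's `sqlite3` refuses stacked statements in `execute()`, which is why the example uses `OR` and `UNION` rather than a `;`-separated second statement; an ORM or JDBC driver in another stack may not be so strict.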