New CVE Numbers by WebSec.

CVE Number: CVE-2020-25472
Vulnerability Name: Cross-Site Request Forgery
Vendor: SimplePhpScripts
Software Name: News Script PHP Pro
Patched in: Latest Version
Impact: State Changing Request Forgery
Risk: High

CVE Number: CVE-2020-25473
Vulnerability Name: Missing HttpOnly from Session Cookie
Vendor: SimplePhpScripts
Software Name: News Script PHP Pro
Patched in: Latest Version
Impact: inline scripts can read the session cookie
Risk: Low

CVE Number: CVE-2020-25474
Vulnerability Name: Stored Cross-Site Scripting
Vendor: SimplePhpScripts
Software Name: News Script PHP Pro
Patched in: Latest Version
Impact: Account Takeover if Chained together with the CSRF, otherwise the impact is a Self Stored XSS
Risk: High

CVE Number: CVE-2020-25475
Vulnerability Name: SQL Injection
Vendor: SimplePhpScripts
Software Name: Event Script
Patched in: Latest Version
Impact: SQL Injection
Risk: High
WebSec B.V.’s Post
-
Ever wondered what the hype is about PGP or what the term even means? In today's article we will explain this in detail and give a demo of what it looks like. Want to know more? Read the full article on our blog: https://lnkd.in/eTNFDTRf #pgp #cryptography #security #infosec #websec #gpg #communication #cybersecurity #crypto #safety
-
In the spring of 2014, specialists from Kaspersky Lab studied a number of bizarre ATM events. Several ATMs belonging to a Ukrainian bank occasionally began dispensing cash for no apparent reason, and random passers-by who happened to be there pocketed the money and walked away. On the computer of the bank, to which these ATMs were connected by VPN, a new Trojan was detected and given the name Carbanak by the analysts who discovered it. In this two-part article we will take a dive into the Carbanak Source Code and explain exactly what it does and how it works. Read full article (Part 1 / 2): https://lnkd.in/em_964A6 #carbanak #bankingtech #financialsecurity #security #infosec #cybersecurity #codereview #websec #informatiebeveiliging
Classic Malware: Carbanak
websec.nl
-
In this post, we will investigate the concept of a reverse shell and examine some examples of its application in practice by making use of netcat and socat. Read the full article at: https://lnkd.in/ehtpjp7X #netcat #socat #reverseshell #exploitation #ethicalhacking #cybersecurity #whitehat #informationsecurity #infosec #cyber #websec zhassulan zhussupov
Reverse shells and cats (netCAT, soCAT)
websec.nl
-
In the first part, we described the installation logic, privilege escalation, main dropper and injection. Now, we will focus our investigation on infection logic and rootkits. Let's go! #stuxnet #malware #informationsecurity #redteaming #securityanalysis #infosec #cybersecurity #ethicalhacking #websec Full article at: https://lnkd.in/eixyHrdQ
Malware Analysis example. Classic case: Stuxnet. Part 2
websec.nl
-
Almost every war has a starting point - a precedent, a provocation, or something else from which it is customary to count the beginning of the conflict. However, no one knows when the first war in human history occurred. From the conflict between two ape tribes at the very beginning of civilization? During the initial conflict between Cro-Magnons and Neanderthals? However, unnoticed by the general public, the daily cyberwars of the twenty-first century have begun. We will tell you the story about it - the story of the virus that started everything, the story of Stuxnet. Read Article: https://lnkd.in/ezpkchtm #stuxnet #malware #infosec #analysis #security #cybersecurity #websec #informatiebeveiliging zhassulan zhussupov
Malware Analysis example. Classic case: Stuxnet
websec.nl
-
One of the most common malware delivery methods is PDF files: they are easily sent through e-mails and often get past virus detection. In this technical article we will do static analysis of PDF files, including static analysis of embedded strings, in order to identify suspicious aspects and to conclude if it's malicious or not. Link: https://lnkd.in/eBKwaEK6 #malware #codereview #malwareanalysis #forensics #digitalforensics #cybersecurity #infosec #informationsecurity #itsecurity #security #codeanalysis #pdf
Static malware analysis of PDF files
websec.nl
-
Static malware analysis is a technique for analyzing malicious software without actually executing it. This approach allows security researchers to uncover potential threats and vulnerabilities within a piece of code, without exposing the system or network to any potential harm. By examining the code itself, static analysis can provide valuable insights into the behavior and functionality of malware, allowing security professionals to better understand and defend against it. In today's article we will explain exactly how to perform static malware analysis in order to analyse, identify and determine the true purpose of suspicious files. Link: https://lnkd.in/ednad3XB #reverseengineering #malwareanalysis #codereview #security #malware #blueteaming #blueteam #forensics #itforensics #cyverforensics #cybersecurity #infosec #websec #informatiebeveiliging
Intro to static malware analysis
websec.nl
-
When an application dynamically loads a dynamic link library (DLL) without specifying a fully qualified path, Windows tries to locate the DLL by searching a well-defined set of directories. A malicious copy of the DLL can be loaded into the application's memory instead of the legitimate DLL whenever an attacker manages to take control over one of these folders. In today's article we will explain exactly what DLL Hijacking is and how it works. Link: https://lnkd.in/eUSmZvbS #cybersecurity #ethicalhacking #pentesting #redteaming #codereview #infosec #websec #hacking #informatiebeveiliging #dllhijacking #learnsecurity #tryharder #securitymanagement #CybersecurityTips
What is DLL Hijacking? And How Does it Work?
websec.nl
-
Are you searching to learn how to break into cybersecurity? Search no further! This article is for you. It covers everything you need to know about getting into cybersecurity, including the state of the industry, requirements, how to land a high-paying job, certifications, skills required, cybersecurity career path, and more. #cybersecurity #security #informatiebeveiliging #ethicalhacking #tryharder #infosec #whitehat #informationsecurity #securitymanagement #learnsecurity #securitycareers #securityjobs #jobsthatmatter #jobs https://lnkd.in/eFwe7qWS
How to Get Into Cybersecurity
websec.nl
-
We are happy to announce that starting from last week we are an official sponsor of HackTricks. HackTricks.xyz is currently one of the largest digital learning sources for security testing techniques, methods and tricks. HackTricks serves as the main starting point for the career of many security experts. At WebSec we find these goals very inspirational and therefore we would like to invest in the further growth and development of this community. To learn more about HackTricks visit their website: https://lnkd.in/gGDNVB2 #hacktricks #whitehat #pentest #hacking #cybersecurity #infosec #informatiebeveiliging #ethicalhacking #websec Carlos P. #pentesting #security #securitymanagement
HackTricks
book.hacktricks.xyz