Laravel Security Best Practices

<form name="myForm" method="POST">
    @csrf  <!-- Blade directive: emits the hidden _token field Laravel's VerifyCsrfToken middleware checks on state-changing requests -->
    <input type="text" />
    <!-- Other inputs can come here -->
</form>

Google’s Waze Can Allow Hackers to Identify and Track Users

A security researcher found a vulnerability in Google's Waze, a GPS navigation app, that can allow attackers to identify users and track them by location. Security DevOps engineer Peter Gasper discovered a flaw in the API that lets attackers track drivers' movements and identify them.

Critical Flash Player Flaw Opens Adobe Users to RCE

The flaw stems from a NULL Pointer Dereference error and plagues the Windows, macOS, Linux and ChromeOS versions of Adobe Flash Player.

Microsoft Exchange Servers Still Open to Actively Exploited Flaw

Despite Microsoft issuing patches almost eight months ago, 61 percent of Exchange servers are still vulnerable. Researchers warned in a March advisory that unpatched servers are being exploited in the wild by unnamed APT actors.

305 CVEs and Counting: Bug-Hunting Stories From a Security Engineer

Larry Cashdollar, senior security response engineer at Akamai, talks about the craziest stories he's faced, reporting CVEs since 1994.

HTB Admirer [Writeup]

On this machine, a gobuster scan exposed credentials for the open FTP port, which led to a vulnerable MySQL database that allows a foreign server to import arbitrary data, exposing further credentials.

Firefox 81 Release Kills High-Severity Code-Execution Bugs

Mozilla has fixed three high-severity flaws with the release of Firefox 81 and Firefox ESR 78.3, including several that could be exploited to run arbitrary code.

Web Application Vulnerabilities and Attack Prevention

Learn about web application attacks and how to prevent them. A website is an application that you can access and browse on your device through a web browser. It has two main components running in the background: a web server and a database.

Go Modules Security

Better understand the security aspects of Go modules, and learn about Go module vulnerabilities and their solutions.

How I hacked redbus [An online bus-ticketing application]

[I drafted this writeup 2 years ago. As it took a long time for the patch, I am posting it now.] It was a usual fresh and sleepy Monday morning. I reached my desk and was checking mails.

Second Order SQL Injection - Something Is Hidden Inside

Everyone knows what SQL injection is, but to give you a brief recap: it is a code injection technique that can destroy your database. It usually occurs when you ask the user for input, like their username or user ID, and instead of a name or ID the user gives you a SQL statement that you then unknowingly run on your database.

Cisco Critical Flaw Patched in WAN Software Solution

Cisco has issued a fix for a critical flaw in its Virtual Wide Area Application Services (vWAAS), software for optimizing WAN on virtual private cloud infrastructure.

Researchers Warn of Flaw Affecting Millions of IoT Devices

A patch has been issued for the flaw in a widely-used module, and researchers are urging IoT manufacturers to update their devices ASAP.

Black Hat 2020: 'Zero-Click' MacOS Exploit Chain Uses Microsoft Office Macros

At Black Hat 2020, Patrick Wardle disclosed an exploit chain that bypasses Microsoft's malicious macros protections to infect MacOS users.

Netgear Won't Patch 45 Router Models Vulnerable to Serious Flaw

Almost two months after a high-severity flaw was disclosed – and seven months after it was first reported – Netgear has yet to issue fixes for 45 of its router models.

Microsoft Revamps Windows Insider Preview Bug Bounty Program

Researchers can earn up to $100,000 for finding vulnerabilities in Microsoft's revamped Windows Insider Preview bug bounty program.

Server Side Request Forgery — SSRF

Server-side request forgery is a web vulnerability that allows an attacker to make the backend server issue unintended requests to internal systems.

Meetup Critical Flaws Allow 'Group' Takeover, Payment Theft

Researchers disclosed critical flaws in the popular Meetup service at Black Hat USA 2020 this week, which could allow takeover of Meetup "Groups."

Critical Cisco Flaw Fixed in Data Center Network Manager

The flaw could allow a remote, unauthenticated attacker to bypass authentication on vulnerable devices.

Cisco, Zoom and Others Must Bolster Security, Say Privacy Chiefs

Privacy commissioners worldwide urged video conferencing providers such as Microsoft, Cisco and Zoom to adopt end-to-end encryption, two-factor authentication and other security measures.