Home / Security (page 2)

Security

Targeting websites with Password Reset Poisoning

What is Password Reset Poisoning?

Most of web application security vulnerabilities, leverage user input in ways that were not initially intended by their developer(s). Password Reset Poisoning is one such vulnerability, that leverages commonly unthought of headers, such as the Host header seen in an HTTP request: GET https://example.com/[email protected] HTTP/1.1 Host: evilhost.com Notice the difference …

Read More »

Cyber Actors Target Home and Office Routers and Networked Devices Worldwide

Cyber Actors Target Home and Office Routers and Networked Devices Worldwide - blackMORE Ops

DHS and FBI recommend that all SOHO router owners power cycle (reboot) their devices to temporarily disrupt the malware. Network device management interfaces—such as Telnet, SSH, Winbox, and HTTP—should be turned off for wide-area network (WAN) interfaces, and, when enabled, secured with strong passwords and encryption. Network devices should be upgraded …

Read More »

HIDDEN COBRA – FASTCash Campaign targeting banks

This graphic illustrates the way HIDDEN COBRA actors use compromised switch application servers to approve financial transactions

Since at least late 2016, HIDDEN COBRA actors have used FASTCash tactics to target banks in Africa and Asia. At the time of this TA’s publication, the U.S. Government has not confirmed any FASTCash incidents affecting institutions within the United States. FASTCash schemes remotely compromise payment switch application servers within …

Read More »

Privacy Policy on Cookies Usage

Some services used in this site uses cookies to tailor user experience or to show ads.