Someone told me the other day that “no-one does SQL Injection by hand any more”. I want to tell you about a SQL Injection bug that I found…

During a recent webapplication testing I decided to perform some fuzzing of certain paths within the URI of a CMS and happened to find a potential SSTI (server side template injection) within one of t

Source code for Pegasus, a banking Trojan, was recently published online. Although the Carbanak cybercrime gang was referenced in the arch...

We have a new Security Header!! Feature Policy will allow a site to enable or disable certain browser features and APIs in the interest of better security and privacy. Let's take a look! Feature Policy Feature Policy is being created to allow site owners…

NEWS RELEASE FOR IMMEDIATE RELEASEJuly 26, 2018   NCSC Releases 2018 Foreign Economic Espionage in Cyberspace Report The National Counterintellig...

Avecto Defendpoint is an endpoint protection product which, according to the Avecto website, will: “Prevent breaches without hindering productivity. Avecto combines best-in-class privilege manageme…

Check Point Research has uncovered a large Malvertising campaign that starts with thousands of compromised WordPress websites, involves multiple parties in the online advertising chain and ends with distributing malicious content, via multiple Exploit Kits…

Ah the old “try harder” wisdom nugget. If taken in the right context, it is a slogan to live by. Unfortunately, most people don’t take it…

With the help of a specifically crafted YARA rule developed by NVISO analysts, we found multiple certificate files (.crt) that do not contain a certificate, but instead a malicious PowerShell scrip…

During a Red Team operation, multiple vulnerabilities were discovered in OCS Inventory (version 2.4.1). The following CVEs have been assigned to the vulnerabilities:


CVE-2018-12482 (Multiple SQL Injections in the search engine)

CVE-2018-12483 (Remote…

Have you ever opened Wireshark and thought, “this is nice, but sometimes filtering and following TCP streams is tedious?” If not, open…

Hello friends!

NTT Latest News Release

upash - 🔒Unified API for password hashing algorithms

A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group

DNS rebinding is a known attack against the same origin policy of modern browsers.  The attack works by abusing DNS where a request wit...