Blog

The new Gmail allows the user to protect sensitive information by allowing the sender of the email to set an expiration date for each individual message sent to the receiver. Confidential mode: Users can now enable a 'confidential' option when sending an email, which means that recipients can only see the email for a set period of time. Recipients can also be blocked from being able to forward, download or print an email. The new layout will allow users to click on attachments without needing to scroll through large conversations. The snooze butto
GDPR in Short: Any company that is either based in the EU or deals with any data involving EU citizens or organizations is required to comply. Under the GDPR, personal data includes anything that might identify an EU citizen, including IP addresses and cookie IDs. Companies will now need to report incidents that could risk customer data to their country’s Data Protection Authority within 72 hours of discovery. For major breaches, the affected company has an additional requirement of informing their customers or users themselves. Application Security Requirements
A 16-year-old high school student from Melbourne, Australia, managed to break into Apple servers and download some 90GB of secure files, including extremely secure authorized keys used to grant login access to users, as well as access multiple user accounts. The student told the authorities that he hacked Apple because he was a huge fan of Apple and he always wanted to work with them. The embarrassing part is that he hacked the company's servers not once, but multiple times over the course of more than a year, and Apple's system administrators failed to stop their users' data from being stolen.
In December 2016, attackers were exploiting misconfigured open-source MongoDB databases and holding them for ransom. The ransomware attacks against MongoDB were first publicly reported by GDI Foundation security researcher Victor Gevers on Dec. 27, 2016, and have been steadily growing ever since, with at least five different groups of hackers taking control of over 10,000 database instances. Mongo databases which were not password protected have paid a heavy price for this vulnerability. Well, it was not a vulnerability. Vulnerability is a quality or state
WannaCry is a ransomware computer worm that targets computers running Microsoft Windows. Initially, the worm uses the EternalBlue exploit to enter a computer, taking advantage of a vulnerability in Microsoft's implementation of the Server Message Block (SMB) protocol. It installs DoublePulsar, a backdoor implant tool, which then transfers and runs the WannaCry ransomware package. It is also being called WanaCrypt0r 2.0. Main Functionality: The WinMain of this executable first tries to connect to the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com.
Subtitle Hack Leaves 200 Million Vulnerable to Remote Code Execution: Check Point researchers revealed a new attack vector which threatens millions of users worldwide – attack by subtitles. By crafting malicious subtitle files, which are then downloaded by a victim’s media player, attackers can take complete control over any type of device via vulnerabilities found in many popular streaming platforms, including VLC, Kodi (XBMC), Popcorn-Time and strem.io. It’s common to see subtitle files (usually a .srt or .sub) included in torrents and other less-than-legal movie downloads
A seven-year-old remote code execution vulnerability that is affecting Samba versions 3.5.0 and higher is making news this week. The vulnerability is billed as the WannaCry equivalent for *nix operating systems, and some are even calling it SambaCry since it affects the SMB protocol implementation and is potentially wormable – which can cause it to spread from system to system. A malicious Samba client that has write access to a Samba share could use this flaw to execute arbitrary code, typically as root. Points: 1. CVE-2017-74942 has a CVSS Score of 7.5 (CVSS:3.0/AV:N/AC:H/PR:L/UI:
Research Team is working to make this place better and safer: Once upon a time, an old man walked down a Spanish beach at dawn, and he saw ahead of him what he thought to be a dancer. The young man was running across the sand, rhythmically bending down to pick up a stranded starfish and throw it far into the sea. The old man gazed in wonder as the young soul again and again threw the small starfish from the sand into the water. The old man approached him and asked why he spent so much energy doing what seemed a waste of time. The young man explained that the stranded starfish would di
What is WebRTC? WebRTC (Web Real Time Communication) is an Application Programming Interface (API) developed by the W3C that is still under development and being standardized by the RTCWEB IETF group. Its main goal is to allow peer-to-peer communication between web browsers. This communication can be used to transfer multiple types of data: files, video or audio. Why it is important: WebRTC is an API that allows you to set up a channel of communication between browsers for video and data. It is built directly into browsers (Chrome, Mozilla, Opera, and a few others), so no external pl
What is X-XSS-Protection? The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome and Safari that stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. This header enables the cross-site scripting (XSS) filter built into most recent web browsers. It's usually enabled by default anyway, so the role of this header is to re-enable the filter for this particular website if it was disabled by the user. This header is supported in IE 8+, and in Chrome (not sure which versions). The anti-XSS filter was added in Chrome 4. It's unknown if