Many online services use SMS as a user authentication mechanism, but small implementation mistakes can lead to big problems. That is what this article is about. Introduction This...
As part of their professional activities, pentesters, developers, and security specialists have to deal with processes such as Vulnerability Management (VM) and the (Secure) Software Development Lifecycle (S-SDLC). These phrases cover different...
It happens that, in reflected XSS, the parameters land directly in the body of a script tag. This usually means that exploitation is trivial: encoding...
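The situation described above, as an added example that is not code from the original article: a query parameter reflected into the body of a script element, first concatenated raw (the vulnerable case) and then emitted as an escaped JavaScript string literal. The template, function names and the two attacker inputs are assumptions constructed for this example.

```javascript
// Added example, not code from the original article: a query parameter
// reflected into the body of a <script> element, shown unsafely and then
// with a JS-string encoding that keeps the value inside the literal.
// Template and function names are assumptions made for this example.

// Vulnerable: the raw parameter is concatenated into JavaScript source.
function renderVulnerable(name) {
  return '<script>var user = "' + name + '";</script>';
}

// Hardened: emit the value as a JSON string literal, then escape the
// characters that can still leave the script context or break parsing.
function toJsStringLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003c')        // "</script>" can no longer close the element
    .replace(/\u2028/g, '\\u2028')   // line separators JSON leaves unescaped
    .replace(/\u2029/g, '\\u2029');
}

function renderHardened(name) {
  return '<script>var user = ' + toJsStringLiteral(name) + ';</script>';
}

// Take the body of the first script element the way a browser would:
// the element ends at the first "</script>", wherever it came from.
function firstScriptBody(html) {
  const open = html.indexOf('<script>') + '<script>'.length;
  const close = html.indexOf('</script>', open);
  return html.slice(open, close);
}

// Execute that script body in isolation and return what "user" holds.
// Throws if the injected input changed the program: a syntax error, or a
// call to something the page never defined, such as alert().
function runAndReadUser(html) {
  return new Function(firstScriptBody(html) + '\nreturn user;')();
}

function countScriptClosers(html) {
  return (html.match(/<\/script>/g) || []).length;
}

// Constructed attacker inputs: one breaks out of the string literal,
// the other closes the script element itself.
const BREAK_STRING = '";alert(document.domain);//';
const CLOSE_TAG = '</script><script>alert(1)</script>';
```

With the raw concatenation, BREAK_STRING turns the page into `var user = "";alert(document.domain);//";` and CLOSE_TAG ends the script element early, so the browser parses a second, attacker-controlled one. With the encoded literal both inputs round-trip: `user` holds exactly the submitted text and the page still contains a single `</script>`. Note that HTML-entity encoding alone would not help here, because the value is inside script text, not an attribute.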
Content Security Policy (CSP) is an optional, browser-enforced security mechanism for mitigating Cross-Site Scripting (XSS). CSP lets you define an allowlist of sources for loading JavaScript, styles, images,...
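To make the allowlisting concrete, here is an added example (not code from the original article) that parses a CSP header and flags the settings that leave script execution open, then compares a typical weak policy with a corrected one. The policy strings, host names and the nonce value are constructed placeholders.

```javascript
// Added example, not code from the original article: a small audit of a
// CSP header that flags settings leaving script execution open. Policy
// strings below are constructed samples; the nonce value is a placeholder.

function parseCsp(header) {
  const directives = {};
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...values] = tokens;
    directives[name.toLowerCase()] = values;
  }
  return directives;
}

// script-src falls back to default-src when it is not set.
function scriptSources(directives) {
  return directives['script-src'] || directives['default-src'] || [];
}

function auditCsp(header) {
  const d = parseCsp(header);
  const src = scriptSources(d);
  const findings = [];
  const hasNonceOrHash = src.some(v => /^'(nonce-|sha(256|384|512)-)/.test(v));

  if (src.length === 0) {
    findings.push('no script-src or default-src: scripts are unrestricted');
  }
  // A nonce or hash makes browsers ignore 'unsafe-inline'; without one,
  // any reflected <script> block or event handler attribute runs.
  if (src.includes("'unsafe-inline'") && !hasNonceOrHash) {
    findings.push("script-src allows 'unsafe-inline' without a nonce or hash");
  }
  if (src.includes("'unsafe-eval'")) {
    findings.push("script-src allows 'unsafe-eval'");
  }
  // A bare wildcard or scheme-only source allows scripts from any host.
  for (const v of src) {
    if (v === '*' || /^(https?|data|blob):$/.test(v)) {
      findings.push('script-src allows the open source ' + v);
    }
  }
  // Plugins and <base> rewrites are separate routes to script execution.
  if (!d['object-src']) findings.push("object-src missing (set it to 'none')");
  if (!d['base-uri']) findings.push('base-uri missing (an injected <base> can redirect relative script URLs)');
  return findings;
}

// Constructed policies: a common weak one and a corrected one.
const WEAK_POLICY =
  "default-src 'self'; script-src 'self' 'unsafe-inline' https: cdn.example.com; img-src *";
const STRICT_POLICY =
  "default-src 'self'; script-src 'self' 'nonce-r4nd0mV4lu3' cdn.example.com; " +
  "object-src 'none'; base-uri 'self'; img-src *";
```

Running `auditCsp(WEAK_POLICY)` produces four findings: `'unsafe-inline'` with no nonce, the scheme-only `https:` source, and the missing `object-src` and `base-uri` directives. The corrected policy keeps the same hosts but replaces `'unsafe-inline'` with a per-response nonce and closes the plugin and base-URL routes, so it produces none. The wildcard on `img-src` is deliberately left alone: it does not affect script execution, and the audit only looks at script sources.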
Insecure Direct Object Reference (IDOR) is a very common flaw in application authorization logic. The potential damage from exploiting an IDOR vulnerability ranges from minimal to critical. Let's look at...
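As an added example that is not code from the original article, the same "get order" endpoint written with and without an ownership check, plus the id walk an attacker would use to find the gap. The data store, the session object and the order ids are constructed stand-ins for a real application.

```javascript
// Added example, not code from the original article: one "get order"
// endpoint with and without an ownership check. The data store and the
// session object are constructed stand-ins for a real application.

// Constructed sample data: two customers, each owning one order.
const ORDERS = new Map([
  [1001, { id: 1001, ownerId: 1, total: 42.0 }],
  [1002, { id: 1002, ownerId: 2, total: 9999.0 }],
]);

// Vulnerable: the id from the URL is the only thing looked at, so any
// authenticated user can read any order by counting ids up or down.
function getOrderVulnerable(session, orderId) {
  const order = ORDERS.get(Number(orderId));
  return order ? { status: 200, body: order } : { status: 404 };
}

// Hardened: the lookup is scoped to the caller. A non-owned order gets
// the same 404 as a non-existent one, so the response does not confirm
// that the id exists.
function getOrderHardened(session, orderId) {
  const order = ORDERS.get(Number(orderId));
  if (!order || order.ownerId !== session.userId) return { status: 404 };
  return { status: 200, body: order };
}

// Constructed enumeration: the caller walks a range of ids and keeps
// every one the handler was willing to return.
function enumerate(handler, session, from, to) {
  const found = [];
  for (let id = from; id <= to; id++) {
    const res = handler(session, id);
    if (res.status === 200) found.push(res.body.id);
  }
  return found;
}
```

For user 1 the vulnerable handler hands back both orders, the hardened one only 1001. In a database-backed service the same fix is the `AND owner_id = ?` clause on the query rather than a check after the fetch; switching to random ids only slows enumeration and is not a substitute for the check.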
Companies are losing a lot of money to data breaches. According to IBM, the average cost of a breach in 2020 was $3.86 million, while half of such incidents...
Information about 533 million users of the social network Facebook ended up in the hands of unknown persons, who began trading it through Telegram. This is reported by The Verge, citing data security...
A Mac running on the newly introduced M1 chip can be hacked through the browser, conclude cyber security researchers at Cornell University. Apple's new computers were...
A database of 21 million users of popular free Android VPN services is being offered for sale on shady forums. The large-scale data breach was reported by CyberNews. According to the information released...
60% of the most downloaded Android apps have at least one vulnerability, Synopsys found. In total, the experts identified 3,137 unique issues that can lead to data leakage. Russian experts point...
