ICNA

Iranian Cyber News Agency

Vulnerability

Is Physical security missing from your cybersecurity policy?

Physical security is an often forgotten or overlooked part of a corporate cybersecurity policy. To be effective, a cybersecurity policy must be able to counter a cyberattack at any stage of what cyber experts call a cyber-kill chain. …

Russian-based hacking group REvil carries out attack on American company

Dear reader, last week the largest-ever ransomware attack took place: 1500 companies were infected by the Russian ransomware hacking group REvil when they carried out an attack on American-based software vendor Kaseya. The group were able to use zero…

Hosein)root Discovers XSS Vulnerability on Google Earth

On 25 November, Hosein)root, who asked ICNA to publish his true name as Amir Hossein Sharbati, published on CXSecurity and some other places the XSS vulnerability that he discovered in Google Earth. The vulnerability is of such a nature that if KML…

35,000-Character Tweet Shocks German Hackers!

Thinking that a person could send a tweet with more than 280 characters is more or less like a dream. One can say that this is the first time a person could get around this limitation. In the…

4TT4CK3R Identifies Flaw in University of Tehran Website

Vulnerability researcher 4TT4CK3R discovered on 23 August a cross-site scripting vulnerability on the website of the University of Tehran. He has informed UT of the vulnerability. Although the risk of any damage is small, we should be pleased that our country Iran…

4tt4ck3r Finds Flaw in UK Government Websites

Iranian hacker 4tt4ck3r has previously found reflected XSS (cross-site scripting) vulnerabilities in UK government websites, as follows: Parliament of the United Kingdom. The vulnerable website address is: https://www.parliament.uk/search/results/ The URL of the website changed to this form: https://www.parliament.uk/search/results/?q=HellO…

4tt4ck3r Discovers XSS Vulnerability for London University

After some time, we are pleased to see the return of 4tt4ck3r, who has had many successes with XSS vulnerabilities in the past and, if God helps, hopefully also in the future. The latest vulnerability discovered by 4tt4ck3r is on the website…

ZeroSec Discovers Open Redirect Vulnerability in Amazon Simple Storage Service (S3)

ZeroSec (https://t.me/ZeroSecOfficial) hacker Ghostman discovered an open redirect vulnerability in Amazon Simple Storage Service (S3). The vulnerability, which lies in scoping Amazon subdomain s3.amazonaws.com into the main aws.amazon.com/s3, allows the attacker to draw the victim onto a different landing page…

Directadmin ControlPanel DoS and XSS Vulns Exposed By Amir Of The IEDB Team

Iranian security researcher and IEDB Team member/IEDB/IrIsT.ir and Xssed.ir founder Amir has published a DoS vulnerability in the Directadmin ControlPanel software (http://www.directadmin.com). Directadmin is a web hosting control panel for the remote web-based administration of multiple web servers. The vulnerability affects Directadmin…

4TT4CK3R Finds ViewState Bug in UK Geological Society Site

Iranian security researcher 4TT4CK3R has disclosed a vulnerability in the website of the UK’s Geological Society. The website runs on Windows web server IIS 7.5 with ASP.NET (version 4.0.30319) but does not have the ViewState parameter encrypted. This means that there…