Article: Finding and Exploiting Same Origin Method Execution vulnerabilities - published almost 9 years ago.
Content: Recently it came to my attention that it was possible to abuse JSONP callbacks using a vulnerability known as SOME – Same Origin Method Execution which can be used by an attacker to widely abuse a user’s trust between the web application and the intended flow of execution. For example, using the SOME attack it is possible for an attacker to trick a user to v...
Copy Link: https://penturalabs.wordpress.com/2015/12/30/finding-and-exploiting-same-origin-method-execution-vulnerabilities/   
Published: 2015 12 30 23:37:46
Received: 2023 12 16 16:00:53
Feed: Pentura Labs's Blog
Source: Pentura Labs's Blog
Category: Cyber Security
Topic: Cyber Security

Article: SNMPPLUX - published over 8 years ago.
Content: Pentura continually develop new tools and scripts to improve the effectiveness of the team. One such tool called SNMPPLUX is an offshoot of a larger development project (ORR). SNMPPLUX is a USM compliant SNMPv1, SNMPv2c and SNMPv3 authentication scanner powered by pysnmp, re, sys, getopt, array, time and multiprocessing python modules. As well as providin...
Copy Link: https://penturalabs.wordpress.com/2016/04/01/snmpplux/   
Published: 2016 04 01 08:21:28
Received: 2023 12 16 16:00:53
Feed: Pentura Labs's Blog
Source: Pentura Labs's Blog
Category: Cyber Security
Topic: Cyber Security

Article: Shell Shock Rapid 7 Threatsweeper - published about 10 years ago.
Content: By now, you may have heard about CVE-2014-6271, also known as the “bash bug“, or even “Shell Shock”, that may affect your organisation. It’s rated the maximum CVSS score of 10 for impact and ease of exploitability. The affected software, Bash (the Bourne Again SHell), is present on most Linux, BSD, and Unix-like systems, including Mac OS X. New packages were...
Copy Link: https://penturalabs.wordpress.com/2014/09/26/shell-shock-rapid-7-threatsweeper/   
Published: 2014 09 26 09:27:31
Received: 2021 06 06 09:04:46
Feed: Pentura Labs's Blog
Source: Pentura Labs's Blog
Category: Cyber Security
Topic: Cyber Security

Article: New security flaw uncovered in WordPress - published about 10 years ago.
Content: Researchers have revealed a potentially serious flaw in WordPress software, that allows hackers to search for abandoned or inactive WordPress sites before mounting phishing attacks aimed at enticing users to install infected updates.  Hackers can then quickly hijack the website and direct visitors to deliver malicious content. WordPress is by far the most po...
Copy Link: https://penturalabs.wordpress.com/2014/10/03/new-security-flaw-uncovered-in-wordpress/   
Published: 2014 10 03 14:19:49
Received: 2021 06 06 09:04:46
Feed: Pentura Labs's Blog
Source: Pentura Labs's Blog
Category: Cyber Security
Topic: Cyber Security

Article: AT&T suffers insider data breach - published about 10 years ago.
Content: AT&T has become the latest multinational company to suffer a data breach after one of its own employees gained access to customer data. The US mobile telecoms giant has started informing around 1,600 customers in Vermont that their personal data was breached in August. In a letter posted on the Vermont government’s website, AT&T confirmed that a form...
Copy Link: https://penturalabs.wordpress.com/2014/10/09/att-suffers-insider-data-breach/   
Published: 2014 10 09 14:32:02
Received: 2021 06 06 09:04:46
Feed: Pentura Labs's Blog
Source: Pentura Labs's Blog
Category: Cyber Security
Topic: Cyber Security

Article: Kmart hit by card hack attack - published about 10 years ago.
Content: It’s been revealed that a data breach at US retail chain Kmart that compromised card details lasted over a month. The discount department store said that the malware was discovered last week but had been operating since early September. Based on its investigation so far, the company said that it believes credit and debit cards were exposed but that no person...
Copy Link: https://penturalabs.wordpress.com/2014/10/22/kmart-hit-by-card-hack-attack/   
Published: 2014 10 22 15:20:17
Received: 2021 06 06 09:04:46
Feed: Pentura Labs's Blog
Source: Pentura Labs's Blog
Category: Cyber Security
Topic: Cyber Security

Article: Research Reveals Cost of Online Fraud to UK - published about 10 years ago.
Content: This week has been Get Safe Online Week and to coincide with the event, the National Fraud Intelligence Bureau researched cyber-crime in the UK. The research found that over the last year, the ten biggest online scams cost victims over £670m – although the actual figure is thought to be significantly higher than that due to unreported crimes. A separate poll...
Copy Link: https://penturalabs.wordpress.com/2014/10/30/research-reveals-cost-of-online-fraud-to-uk/   
Published: 2014 10 30 10:21:43
Received: 2021 06 06 09:04:46
Feed: Pentura Labs's Blog
Source: Pentura Labs's Blog
Category: Cyber Security
Topic: Cyber Security

Article: Most businesses do not understand data breach risks - published almost 10 years ago.
Content: Research by HP has uncovered a lack of understanding among businesses of the risks associated with data breaches. More than 70% of US and UK executives surveyed by the Ponemon Institute said that their organisation does not understand fully the dangers of breaches, while less than half of top executives and board members are kept informed about the response ...
Copy Link: https://penturalabs.wordpress.com/2014/11/07/most-businesses-do-not-understand-data-breach-risks/   
Published: 2014 11 07 16:19:54
Received: 2021 06 06 09:04:46
Feed: Pentura Labs's Blog
Source: Pentura Labs's Blog
Category: Cyber Security
Topic: Cyber Security

Article: [IRCCloud] Inadequate input validation on API endpoint leading to self denial of service and increased system load - published about 9 years ago.
Content: So as you do, I was just looking around, manually fuzzing some Web Sockets requests, seeing if I could get any sort of XSS, Remote IRC Command Injection or SQLi mainly – ended up that I didn’t find much there that worse worth noting. So I started seeing if their logic was all alright, so one of their requests looked similar to: {“_reqid”:1234, “cid”:5678, “t...
Copy Link: https://penturalabs.wordpress.com/2015/10/13/fuzzing-for-fun-and-profit/   
Published: 2015 10 13 12:04:47
Received: 2021 06 06 09:04:46
Feed: Pentura Labs's Blog
Source: Pentura Labs's Blog
Category: Cyber Security
Topic: Cyber Security

Article: [IRCCloud] History and Another XSS Bug Bounty - published about 9 years ago.
Content: Personally, I have been a user of IRC since 2004 on some private networks and some other well-known ones such as Freenode. However, it was always inconvenient to have to set up an IRC Bouncer, so when IRCCloud came around, I was excited to try it and see if it provided me with a method of staying connected to all the required networks without having to downl...
Copy Link: https://penturalabs.wordpress.com/2015/10/14/irccloud-history-and-another-xss-bug-bounty/   
Published: 2015 10 14 10:50:15
Received: 2021 06 06 09:04:46
Feed: Pentura Labs's Blog
Source: Pentura Labs's Blog
Category: Cyber Security
Topic: Cyber Security

Article: Finding and Exploiting Same Origin Method Execution vulnerabilities - published almost 9 years ago.
Content: Recently it came to my attention that it was possible to abuse JSONP callbacks using a vulnerability known as SOME – Same Origin Method Execution which can be used by an attacker to widely abuse a user’s trust between the web application and the intended flow of execution. For example, using the SOME attack it is possible for an attacker to trick a user to v...
Copy Link: https://penturalabs.wordpress.com/2015/12/30/finding-and-exploiting-same-origin-method-execution-vulnerabilities/   
Published: 2015 12 30 23:37:46
Received: 2021 06 06 09:04:46
Feed: Pentura Labs's Blog
Source: Pentura Labs's Blog
Category: Cyber Security
Topic: Cyber Security

Article: SNMPPLUX - published over 8 years ago.
Content: Pentura continually develop new tools and scripts to improve the effectiveness of the team. One such tool called SNMPPLUX is an offshoot of a larger development project (ORR). SNMPPLUX is a USM compliant SNMPv1, SNMPv2c and SNMPv3 authentication scanner powered by pysnmp, re, sys, getopt, array, time and multiprocessing python modules. As well as providin...
Copy Link: https://penturalabs.wordpress.com/2016/04/01/snmpplux/   
Published: 2016 04 01 08:21:28
Received: 2021 06 06 09:04:46
Feed: Pentura Labs's Blog
Source: Pentura Labs's Blog
Category: Cyber Security
Topic: Cyber Security