OTP-SMS-Insecure?

Back in 2016, there was a news based on NIST publication, that SMS based Second Factor Authentication (2FA) is no more secure as it can be intercepted and there is no way for the application owner to confirm if the OTP sent to the designated user was the actual user who passed it back to […]

The RIGHT way of Password Hashing !

If you’re a web developer, you’ve probably had to make a user account system. The most important aspect of a user account system is how user passwords are protected. User account databases are hacked frequently, so you absolutely must do something to protect your users’ passwords if your website is ever breached. The best way […]

Let’s Encrypt Wildcard SSL Certificate using CERTBOT

What is a Wildcard Certificate? In computer networking, a wildcard certificate is a public key certificate which can be used with multiple subdomains of a domain. The principal use is for securing web sites with HTTPS, but there are also applications in many other fields. Compared with conventional certificates, a wildcard certificate can be cheaper and more convenient than a certificate for […]

LinkedIn Autofill Vulnerability (Fixed !)

Not just Facebook, a new vulnerability discovered in Linkedin’s popular AutoFill functionality found leaking its user’s sensitive information to third party websites without the user even knowing about it. LinkedIn provides an AutoFill plugin for a long time that other websites can use to let LinkedIn users quickly fill in profile data, including their full name, […]

WhiteRose Ransomware

Introduction and Details WhiteRose ransomware  crypto-extortion encrypts user data with AES, and then requires a redemption in #Bitcoin(BTC) to decrypt the files. File naming pattern: randomname_ENCRYPTED_BY.WHITEROSE Example of an encrypted file: BT2cJMtNeYlaKJHP_ENCRYPTED_BY.WHITEROSE The activity of this crypto-extortioner is now being seen in the second half of March 2018. It is oriented towards English-speaking users, which […]

Facebook – You scraped our Calls & Messages too !

Facebook’s recent controversies relating to Cambridge Analytica, consumers have been looking closer at the data Facebook collects from its users. You can take a look at all of the data Facebook has collected from you over the years at this webpage which is a lot—wall posts, photos, videos, messages and more. While it may be pretty scary how […]

ISRO infected by XTREMERAT | Source: INDIAN DEFENCE RESEARCH WING

A malware infected computer of ISRO exposed India’s premier space research agency to hackers, claimed Indian and French security researchers on Sunday. The researchers also claimed that hackers could have taken control of ISRO’s command rocket launches using the vulnerability. Express has not been able to independently verify this claim. The trojan malware, known as […]

IDOR – PayTM as an example !

What is an IDOR? Attacker, who is an authorised system user, simply changes a parameter value that directly refers to a system object to another object the user isn’t authorised for and if gains access to it defines an Insecure Direct Object Reference or IDOR. Lets say User A logs in to the system and […]