Zip Slip Vulnerability Affects Thousands of Projects
Researchers discovered a flaw in almost all zip-style file decompressors – RAR, TAR, 7ZIP-APK and others. The problem is caused by a very old attack vector called directory traversal that these libraries do not handle correctly. The decompressor libraries were likely downloaded from places like GitHub and Stack […]
Enterprise Resource Planning (ERP) systems are quickly becoming a popular target of hackers. It used to be that these systems were on private networks behind firewalls, but as companies move to the cloud and include their vendors and subcontractors in their ERP systems, the systems are becoming more public. More public means easier to hack. […]
OPINION: Christopher Krebs, the Undersecretary for the National Protection and Programs Directorate (NPPD) of DHS, said individuals' voting rights were safe despite persistent attacks on the voting infrastructure. He said that, by law, if you show up to vote and there is a problem with your registration, you have […]
As I wrote last week, LabCorp, the mega medical lab testing company (mega as in revenue around $10 billion last year) was breached and they have provided some interesting insights as they have been forced to detail to the SEC some of what happened last week when they had to shut down large parts of […]
In late 2015 Juniper announced that it had found two backdoors in the router and firewall appliances that it sells. Backdoors are unauthorized ways to get into these systems in a way that bypasses security. Kind of like going around to the back of the house and finding the kitchen door unlocked when no one […]
Israeli Startup Raises $12.5 Million to Help Governments Hack IoT
Given the sad state of IoT security, I am not sure that governments need any help in hacking IoT devices, but just in case they do, Israeli startup Toka raised $12.5 million to help police hack iPhones, Alexas, Echos and Nests, along with other IoT […]