‘Snake’ cyber espionage toolkit unmasked by defence contractor BAE Systems. The Researchers at the German security company G Data Software have reported about sophisticated rootkit malware which targets Governments and Military Networks. The malware designed to steal data from secure facilities and has ability to take control of an infected machine, execute arbitrary commands and hide system activities. “The threat described in this report really does raise the bar in terms of what potential targets, and the security community in
Tag Archives: Web Security
Security expert Ebrahim Hegazy, Cyber Security Analyst Consultant at Q-CERT, has found a serious vulnerability in Twitter. The Twitter Unrestricted File Upload Vulnerability allows an attacker to upload files of any extension including PHP. When an application does not validate or improperly validates file types before uploading files to the system, called Unrestricted File upload vulnerability. Such flaws allow an attacker to upload and execute arbitrary code on the target system which could result in execution of arbitrary HTML and script
Cyber Security Expert and Penetration tester, Ebrahim Hegazy has found a serious vulnerability in Yahoo’s website that allows an attacker to remotely execute any commands on the server i.e. Remote Command Execution vulnerability. According to Ebrahim blog post, the vulnerability resides in a Chinese subdomin of Yahoo website. Last week, He reported the flaw to Yahoo Security Team and also tip-off them of more threat. Yahoo remote command execution vulnerability fixed by Yahoo Security Team within a day after he reported.
Web Security is possibly today’s most noisy and multiaspect field that is a prior task in any organization. It is worth saying for an introduction that Web is a system of interconnected documents accessed via the Internet. On the whole the term called “WEB”is known to be a human knowledge and culture storage, which enables users in remote sites to share their ideas and thoughts in all aspects of a common computing project. Since unknown “intruders” are concentrated on web applications,