• 15 “Priority 1” vulnerabilities detected by our team

    From SQL and XSS injections, 3rd party vulnerabilities, file upload issues to password policy we ran a comprehensive penetration test and found a range of vulnerabilities for this client’s portal. With 15 “Priority 1” and a number of other vulnerabilities our team did a great job making a detailed examination and report. “Priority 1” vulnerabilities […]

  • XSS injection on emails on our latest ethical hack findings

    While doing a basic code review for a client’s web portal (bridging customers and service) we came across potential vulnerabilities which could compromise the system and recommended a proper ethical hack to screen the system. Our team managed to find 25 vulnerabilities including several SQL and XSS injections. We also uncovered an exciting Reflected/Stored XSS […]

  • SQL and XSS injection simplified

    Technical jargon can be confusing and security related ones even more. The terms “SQL injection” and “XSS injection” seem funny as the image suggests, but understanding it is a key to resolving the issue. To simplify it in a non technical way, imagine you have a robot which reads instructions via a form and performs […]

  • 472 risk points reduced for an accounting application

    Around 8 months back we conducted a non-intrusive security audit for an accounting backend application which involved us going through their system and making data classification matrix, supplier/processor list, data flow, network diagrams and conducting fact finding in various areas like application security, data security, infrastructure, access management, monitoring/logging, and organisational policy. At the end […]

  • Debian 10

    The long awaited Debian 10 (code name buster) has finally been released. It has the latest software versions and boasts of 57,703 packages. Long term support (LTS) of 5 years has been promised as well to ensure security updates are available till mid 2024! Debian 8 LTS is till June 2020Debian 9 LTS is till […]

  • GDPR fine of £183m likely for British Airways

    The Information Commissioner’s Office (the UK’s privacy watchdog) announced its plan to slap British Airways with a record £183 million (238 million €). In September 2018 BA disclosed a breach which affected 500,000 people where visitors on its website were diverted to a fraudulent website and personal/sensitive details including name, billing address, email address and […]

  • Facebook collected 1.5 million users email contacts without consent

    Facebook used to ask new users for their email password as a method of verification. Additionally, it offered to upload their email contact list (e.g. from google contacts). In May 2016, Facebook removed the message that explained the feature to upload contacts, however the underlying feature still remained, which means contact list uploads were automatically […]

  • The NSA Makes Ghidra, A Powerful Cybersecurity Tool, Open Source

    You can’t use Ghidra to hack devices; it’s instead a reverse-engineering platform used to take “compiled,” deployed software and “decompile” it. In other words, it transforms the ones and zeros that computers understand back into a human-readable structure, logic, and set of commands that reveal what the software you churn through it does. More details […]

  • Company loses $190 million in cryptocurrency as CEO dies with sole password

    A situation any company should avoid. Sole members having access to information which if lost causes irreparable damage (financial or reputation) to the company. Shared knowledge and information security usually contradict each other when it comes to sensitive data, but having a fail-over method ready is key for a compromise in between. Over $190 million […]