Collaborate Disseminate
In this Help Net Security interview, Mike Lemberger, Visa’s SVP, Chief Risk Officer, North America, discusses the severe financial losses resulting from triangulation fraud, estimating monthly losses to range from $660 million to $1 billion among merch… Continue reading Triangulation fraud: The costly scam hitting online retailers
Credential stuffing attacks have exploded this April, Okta warns, and advises its customers to use available tools to block access requests originating from residential proxies before authentication takes place. Abuse of proxy networks “In creden… Continue reading Okta warns customers about credential stuffing onslaught
Researchers have found two novel types of attacks that target the conditional branch predictor found in high-end Intel processors, which could be exploited to compromise billions of processors currently in use. The multi-university and industry researc… Continue reading Researchers unveil novel attack methods targeting Intel’s conditional branch predictor
Do you have an idea how my AWS credentials could be stolen in the following setup:
A 4 weeks old GitHub organization with 5 repositories & AWS Account
AWS CI User Credentials with Administration Privileges were saved as Github secrets… Continue reading AWS Key stolen out of Github Actions / Secret Store
I’ve been monitoring my server’s SSH logs and noticed a steady stream of login attempts from unknown IP addresses, mostly from different countries.
Heaps and heaps of account names are tried, and with some quick server stats I’d say, at le… Continue reading Should I be worried about unusual SSH login attempts from unknown IP addresses?
In this Help Net Security video, Sonu Shankar, Chief Strategy Officer at Phosphorus, discusses how Blackjack’s Fuxnet malware should be a wakeup call to industrial operators about the vulnerability of sensor networks and the outsized impact these attac… Continue reading Fuxnet malware: Growing threat to industrial sensors
Law enforcement from 19 countries severely disrupted one of the world’s largest phishing-as-a-service platform, known as LabHost. This year-long operation, coordinated at the international level by Europol, resulted in the compromise of LabHost’s infra… Continue reading Authorities take down LabHost, phishing-as-a-service platform
In this Help Net Security interview, Andrew Ginter, VP of Industrial Security at Waterfall Security, discusses operational technology (OT) cyber attacks and their 2024 Threat Report. He examines how global geopolitical tensions and evolving ransomware … Continue reading Geopolitical tensions escalate OT cyber attacks
If a user has already logged in, and then the site sets a non HttpOnly cookie, then it seems possible to trick the user into doing something that would lead to the cookie being stolen.
If the cookie expires after one minute, it seems like … Continue reading Is it possible to trick a user into logging in to a site, then stealing a non HttpOnly cookie that will be set after they log in?
I understand the different purposes the two parameters serve, but is there anything speaking against the state and nonce parameters being the same string?
Continue reading Can the state and nonce have the same value?