code injection – WindowsTechs.com

QR code SQL injection and other vulnerabilities in a popular biometric terminal

Posted on June 11, 2024 by Georgy Kiguradze

The report analyzes the security properties of a popular biometric access control terminal made by ZkTeco and describes vulnerabilities found in it. Continue reading QR code SQL injection and other vulnerabilities in a popular biometric terminal→

Malicious code in APKPure app

Posted on April 9, 2021 by Igor Golovin, Anton Kivva

Malicious code was detected in version 3.17.18 of the APKPure alternative app store for Android. We recommend deleting the infected version and installing APKPure 3.17.19 asap. Continue reading Malicious code in APKPure app→

Web App Security: Don’t Let the Code Injection Grinch Steal Holiday Joy

Posted on December 2, 2020 by Ameet Naik

This holiday season more and more e-commerce site operators will be deploying web app security solutions such as content security policies (CSPs) to protect themselves and their users against cyberattacks, including cross-site scripting (XSS), formjac… Continue reading Web App Security: Don’t Let the Code Injection Grinch Steal Holiday Joy→

WordPress Sites Open to Code Injection Attacks via Welcart e-Commerce Bug

Posted on November 6, 2020 by Tara Seals

The shopping cart application contains a PHP object-injection bug. Continue reading WordPress Sites Open to Code Injection Attacks via Welcart e-Commerce Bug→

Texas Gold-Dealer Mined for Payment Details in Months-Long Data Breach

Posted on November 2, 2020 by Tara Seals

JM Bullion fell victim to a payment-card skimmer, which was in place for five months. Continue reading Texas Gold-Dealer Mined for Payment Details in Months-Long Data Breach→

Citrix Bugs Allow Unauthenticated Code Injection, Data Theft

Posted on July 7, 2020 by Tara Seals

Admins should patch their Citrix ADC and Gateway installs immediately. Continue reading Citrix Bugs Allow Unauthenticated Code Injection, Data Theft→

When Anti-Virus Engines Look Like Kernel Rootkits

Posted on May 27, 2020 by Andrew Case

While analyzing real-world systems, memory analysts will often encounter anti-virus (AV) engines, EDRs, and similar products that, at first glance, look suspiciously like malware. This occurs because these security products leverage the same techniques… Continue reading When Anti-Virus Engines Look Like Kernel Rootkits→

WordPress, Apache Struts Attract the Most Bug Exploits

Posted on March 18, 2020 by Tara Seals

An analysis found these web frameworks to be the most-targeted by cybercriminals in 2019. Continue reading WordPress, Apache Struts Attract the Most Bug Exploits→

The cybercrime ecosystem: attacking blogs

Posted on November 21, 2019 by David Jacoby

It is very common to see cybercriminals exploit vulnerabilities in blogging software such as WordPress and Joomla! for injecting their malicious code. In my research, I decided to investigate this further and see what the current threat landscape looks like by researching the most visited blogs in Sweden. Continue reading The cybercrime ecosystem: attacking blogs→

Website, Know Thyself: What Code Are You Serving?

Posted on November 14, 2019 by Tony Lauro

Code-injection via third- and fourth-party scripts — as seen with Magecart — is a growing security problem for websites. Continue reading Website, Know Thyself: What Code Are You Serving?→