Hacker pleads guilty after arriving on plane from Ukraine with a laptop crammed full of stolen credit card details

A man from New York City has admitted to computer hacking and associated crimes after being caught with a laptop containing hundreds of thousands of stolen payment card details.

Read more in my article on the Hot for Security blog.

SQL Injection Attack on Airport Security

Interesting vulnerability:

…a special lane at airport security called Known Crewmember (KCM). KCM is a TSA program that allows pilots and flight attendants to bypass security screening, even when flying on domestic personal trips.

The KCM process is fairly simple: the employee uses the dedicated lane and presents their KCM barcode or provides the TSA agent their employee number and airline. Various forms of ID need to be presented while the TSA agent’s laptop verifies the employment status with the airline. If successful, the employee can access the sterile area without any screening at all…


Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633)

Organizations using Fortra’s FileCatalyst Workflow are urged to upgrade their instances, so that attackers can’t access an internal HSQL database by exploiting known static credentials (CVE-2024-6633). “Once logged in to the HSQLDB, t…

Understanding Search Behavior on a Website [URL Encoding and Query Handling] [closed]

I’m currently testing the search feature on a website, and I’ve encountered an interesting behavior. The site displays the search query in the page itself, even if it’s an XSS payload (although it doesn’t trigger any XSS). Here are the det…

VMware Patches Critical SQL-Injection Flaw in Aria Automation

VMware warns that authenticated malicious users could enter specially crafted SQL queries and perform unauthorized read/write operations in the database.

PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276)

A critical SQL injection vulnerability in Fortra FileCatalyst Workflow (CVE-2024-5276) has been patched; a PoC exploit is already available online. While there are currently no reports of in-the-wild exploitation, enterprise admins are advised to p…