Vulnerability Archive
Magecart attackers

An Attack on 3rd-Party Advertising Company Increased Cyber Risk of European E-Commerce Sites

Malicious code injected into a third-party JavaScript library of an advertising agency targets the credit card information of online shoppers at European e-commerce sites. Many websites use JavaScript to track their visitors, collect analytics, etc., so the use of an advertising agency's JavaScript library is not uncommon. External JavaScripts that run at your website pose […]
Major third-party breaches revealed in November 2018

Major Third-Party Breaches Revealed in November 2018

A recent survey conducted by the Ponemon Institute reveals that 56% of companies experienced a third-party breach in 2017, an increase of 7% compared to the previous year. Data breaches caused by third parties cost large companies millions of dollars. Third parties include a broad range of companies that a company has worked with directly, such as […]
Misconfigured cloud servers top 10

Open Invitation to Hackers: Misconfigured Cloud Servers

Many companies use cloud servers to store their data. Despite their great advantages, misconfigured servers may expose sensitive data, a mistake that is an open invitation to hackers to dump a company's data and use it for their malicious activities. How is it possible? 4th-party service providers, such as cloud storage providers, improve their cyber […]
Software supply chain attacks

How to Prevent Software Supply-Chain Attacks

The recent warning posted by the US National Counterintelligence and Security Center (NCSC) about the risk of software supply-chain attacks draws attention to the software used by companies in their supply chain. Three out of four professionals acknowledge that they are not fully prepared for supply-chain attacks (aka third-party attacks or value-chain attacks) in responses given to a […]
patch management

Have you patched your holes? 6 Simple Things for Patch Management

A vulnerability is a hole or a weakness in an application. It can be a design flaw or a bug. Attackers exploit vulnerabilities to harm the application owner, application users, and other entities that rely on the application. Patch management is the process of applying software updates to eliminate vulnerabilities or mitigate cyber risk caused by […]
patch management

What is Patch Management?

What is Patch Management? Patch management is a strategy for systems management that involves acquiring, testing, and installing multiple patches (code changes) on an administered computer system. This keeps systems up to date with existing patches and also helps IT teams determine which patches are the appropriate ones. As a part of change management, […]
Malicious JavaScripts

Malicious JavaScripts: How Can You Get Hacked?

Malicious JavaScripts: How Can You Get Hacked? Detecting vulnerabilities and leaks is of the essence in hacking. That's why maintaining cyber security is crucial for individuals and corporations. In 2017, even a big firm like Yahoo was hacked by a simple phishing e-mail. Equifax, one of the largest credit bureaus, was hacked through […]
Malicious Javascript hack Code

How Companies Are Hacked via Malicious Javascript Hack Code?

Malicious JavaScript Hack Code: JavaScript is dangerous. Maybe you've heard this sentence several times before. Actually, whether it is dangerous or not depends on the circumstances. JavaScript can be dangerous if the proper precautions aren't taken. It can be used to view or steal personal data without you even realizing what's going on. And since […]
Domain Shadowing

Domain Shadowing

What is Domain Shadowing? The concept of domain shadowing first appeared in 2011, and a domain shadowing attack is defined as attackers creating new subdomains to intervene in traffic flow. Domain shadowing is the process of creating subdomains by domain owners using credentials. Subdomains are created for legitimate domains. For cyber criminals, domain […]
cms vulnerability

How Companies are Hacked via Basic CMS Vulnerabilities

CMS Vulnerabilities: What is a CMS? A CMS (Content Management System) is a computer application that supports the creation and modification of digital content [1]. Basically, we use it for website management and preparation. Over time, many organizations have developed their own custom CMS software. With the growth of such software, in 1995, CNET developed the idea […]