All That You Need to Know About Man-in-the-Middle Attacks
In a man-in-the-middle (MITM) attack, a black hat hacker takes a position between two victims who are communicating with one another. In this spot, the attacker relays all communication, can listen to it, and even modify it. Imagine that Alice and Barbara talk to one another on the phone in ... Read More
GIF Buffer Content Exposed by Facebook Messenger
The saying one man’s trash is another man’s treasure applies to IT security as well. There are several types of attacks, such as buffer overflow, that rely on accessing leftover memory content. For example, this is exactly what the infamous Heartbleed bug in OpenSSL was all about. A Belarussian bug ... Read More
Remote Code Execution Possible in Drupal
On February 19, Drupal released a security advisory PSA-2019-02-19 (further amended by PSA-2019-02-22). The advisory contains information about a critical security flaw in Drupal 8.5 and 8.6 core. This flaw, classified as CVE-2019-6340, can be used for remote code execution (code injection). An exploit for this vulnerability has been released ... Read More
Critical CSRF Vulnerability on Facebook
A security researcher Youssef Sammouda (Samm0uda) recently discovered a critical CSRF (Cross-site Request Forgery) security vulnerability on Facebook. This security issue could have been used to take over any Facebook user account. Samm0uda reported the bug on January 26 and Facebook fixed it just 5 days later. On February 12, ... Read More
