Preventing NTP Reflection Attacks

The Network Time Protocol (NTP) is the standard protocol for time synchronization in the IT industry. It is widely used by servers, mobile devices, endpoints, and network devices, irrespective of their vendor. The latest version of NTP (version 4) is defined in RFC 5905. The...
What Is Persistent XSS

Persistent Cross-site Scripting (Stored XSS) attacks represent one of three major types of Cross-site Scripting. The other two types of attacks of this kind are Non-Persistent XSS (Reflected XSS) and DOM-based XSS. In general, XSS attacks are based on the victim’s trust in a legitimate...
What Is HSTS and Why Should I Use It?

HSTS stands for HTTP Strict Transport Security. It is a method used by websites to declare that they should only be accessed using a secure connection (HTTPS). If a website declares an HSTS policy, the browser must refuse all HTTP connections and prevent users from...
Internet Explorer / XML External Entity Injection 0day / CVE-2019-0995

XML External Entity Vulnerability in Internet Explorer

When exploiting a typical XML External Entity (XXE) vulnerability, the attacker attempts to gain access to the content of files on a Web server. However, XXE vulnerabilities may also allow the attacker to steal private...
Visit Us at the Malta A.I. & Blockchain Summit 2019

Acunetix will be exhibiting at the Spring Edition of the Malta A.I. & Blockchain Summit. The event will take place on May 23-24 at the Hilton Business Centre in St. Julian’s in Malta. The summit...
Remote Code Execution in bootstrap-sass Ruby Package

If you are using Ruby to develop applications, run the latest update of Acunetix to make sure that you are safe. A very popular Rails gem, bootstrap-sass, was recently compromised. A malicious version of the package...
Mutation XSS in Google Search

Are you sure that your website is safe from Cross-site Scripting if Google Search was not safe for five months? On September 26, 2018, one of the developers working on the open-source Closure library (originally created...
All That You Need to Know About Man-in-the-Middle Attacks

In a man-in-the-middle (MITM) attack, a black hat hacker takes a position between two victims who are communicating with one another. In this spot, the attacker relays all communication, can listen to it, and even modify it. Imagine that Alice and Barbara talk to one another on the phone in ...
Facebook Messenger for Web memory bug in 2018

GIF Buffer Content Exposed by Facebook Messenger

The saying "one man’s trash is another man’s treasure" applies to IT security as well. There are several types of attacks, such as buffer overflow, that rely on accessing leftover memory content. For example, this is exactly what the infamous Heartbleed bug in OpenSSL was all about. A Belarusian bug ...
Remote Code Execution Possible in Drupal

On February 19, Drupal released a security advisory, PSA-2019-02-19 (further amended by PSA-2019-02-22). The advisory contains information about a critical security flaw in Drupal 8.5 and 8.6 core. This flaw, classified as CVE-2019-6340, can be used for remote code execution (code injection). An exploit for this vulnerability has been released ...