SEC-SEE: OWASP 2010 TOP 10

Latest Security News

HITBSecNews

Nvidia's flagship gaming GPU can crack complex passwords in under an hour - Nvidia's flagship gaming GPU can crack complex passwords in under an hour l33tdawg Thu, 05/02/2024 - 00:37
7 hours ago
BleepingComputer

HPE Aruba Networking fixes four critical RCE flaws in ArubaOS - HPE Aruba Networking has issued its April 2024 security advisory detailing critical remote code execution (RCE) vulnerabilities impacting multiple versions...
10 hours ago
Security Affairs

Ex-NSA employee sentenced to 262 months in prison for attempting to transfer classified documents to Russia - A former U.S. NSA employee has been sentenced to nearly 22 years in prison for attempting to sell classified documents to Russia. Jareh Sebastian Dalke (32...
14 hours ago
Healthcare IT News - Privacy & Security

Ransomware was used in 72% of network intrusions last year, says BakerHostetler - In addition to analyzing client ransomware incidents and other cyberattacks, the privacy and data security specialists at BakerHostetler compared inciden...
15 hours ago
KitPloit - PenTest Tools!

OSTE-Web-Log-Analyzer - Automate The Process Of Analyzing Web Server Logs With The Python Web Log Analyzer - Automate the process of analyzing web server logs with the Python Web Log Analyzer. This powerful tool is designed to enhance security by identifying an...
20 hours ago
Schneier on Security

AI Voice Scam - Scammers tricked a company into believing they were dealing with a BBC presenter. They faked her voice, and accepted money intended for her.
21 hours ago
Krebs on Security

Man Who Mass-Extorted Psychotherapy Patients Gets Six Years - A 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leakin...
1 day ago
Digital Whisper - גיליונות

הגליון המאה שישים ואחד של DigitalWhisper שוחרר! - הגליון המאה שישים ואחד של DigitalWhisper שוחרר!פורסם ב- April 30, 2024 00:13:40, על ידי- cp77fk4r ברוכים הבאים לדברי הפתיחה של הגליון ה-161 של DigitalW...
2 days ago
Kaspersky Lab official blog

Global Transparency Initiative update, April 2024 | Kaspersky official blog - Expanding Global Transparency Initiative by opening Istanbul Transparency Center and launching a Transparency Lab together with Boğaziçi University
2 days ago
Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

Exposing Bulgaria’s "Circles" Commercial Spyware Vendor - An Analysis - It doesn't get any better than this. Infecting users with commercial spyware where you've managed to somehow infiltrate the global ecosystem of exploits ...
5 days ago
Didier Stevens

Overview of Content Published in March - Here is an overview of content I published in March: Blog posts: Update: metatool.py Version 0.0.4 SANS ISC Diary entries: Obfuscated Hexadecimal Payload 1...
2 weeks ago
Dr Anton Chuvakin Blog PERSONAL Blog

Recommended: AI-Powered SOC: it's the end of the Alert Fatigue as we know it? - I recommended AI-Powered SOC: it's the end of the Alert Fatigue as we know it? on TysonRhame. About me: http://www.chuvakin.org
4 weeks ago
ToolsWatch.org - The Hackers Arsenal Tools | Repository for vFeed and DPE Projects

Strengthening Security: ToolsWatch Welcomes Dr. Magda Lilia Chelly and Vivek Ramachandran to Black Hat Arsenal’s Board of Review - In the ever-evolving landscape of cybersecurity, staying ahead of the curve is paramount. As digital
4 weeks ago
HealthITSecurity

HC3 alerts shed light on two popular healthcare cyberattack tactics - The HHS Health Sector… read more
5 weeks ago
Lenny Zeltser on Information Security

3 Opportunities for Cybersecurity Leaders Who Choose to Stay - Several years into your role as a security leader at a company, you’ll reach a point when you ask yourself, “What’s next for me?” This article discusses th...
3 months ago
‫לא בטוח - בלוג אבטחת המידע של איתן כספי‬

זמין מיידית לעבודה חדשה - שלום למבקרים באתר, אני זמין כעת מיידית לעבודה חדשה, כשכיר או כעצמאי, כמובן בתחום אבטחת המידע. אפשר למצוא פרטים מקצועיים נוספים אודותיי וגם ליצור אתי קשר ...
9 months ago
TaoSecurity

My Last Email with W. Richard Stevens - In the fall of 1998 I joined the AFCERT. I became acquainted with the amazing book *TCP/IP Illustrated, Volume 1: The Protocols* by W. Richard Stevens...
10 months ago
Uncommon Sense Security

What a lovely sunset - Oh, hi. Long time no blog, eh? Well, it is time to sunset this blog, I will be deleting it in the next few weeks. So long, and thanks for all the fis...
11 months ago
Room362

Simple PHP webshell with php filter chains - Recently found an LFI in a PHP application and one of the cool things I learned about recently was PHP filter chains. More info here: https://www.synacktiv...
1 year ago
I Am Security

Hello world! - Welcome to WordPress. This is your first post. Edit or delete it, then start writing!
1 year ago
McAfee Blogs

A Scam in the Family—How a Close Relative Lost $100,000 to an Elder Scam - Written by James Schmidt Editor’s Note: We often speak of online scams in our blogs, ones that cost victims hundreds... The post A Scam in the Family—Ho...
1 year ago
Elusive Thougts

Hacking Solidity For fun and profit - Introduction After a long period of silence I am now going to write a post for hacking Solidity smart contracts for dummies (like me). The easiest way to p...
1 year ago
shell is only the beginning

Tracking WMI Activity with PSGumshoe - WMI (Windows Management Instrumentation) is the Microsoft implementation of the Web-Based Enterprise Management (WBEM) and Common Information Model (CIM) s...
2 years ago
DeepEnd Research

Renewed SideWinder Activity in South Asia - A few months ago, Trend Micro released a post which encapsulated the SideWinder APT group activity in the past year, showcasing SideWinder’s mobile malware...
3 years ago
Andrew Hay

Jupyter Notebook for crt.sh Queries - I created a Jupyter Notebook to query the crt.sh website, dump the results into a pandas data frame, and then printing out the unique list of results to th...
3 years ago
Symantec Blogs

Symantec Identity: Stepping Up to Meet the COVID-19 Crisis - COVID-19 confronted healthcare providers and governments with unprecedented requests for access, aid, and assistance. Here’s how one team at Symantec is ri...
4 years ago
חושב אחרת על אבטחת מידע

UNSINKABLE meets UNTHINKABLE פוסט לציון 108 שנים לטביעתה של הטיטניק והלקחים להגנת סייבר בימינו אנו - פוסט זה הוא עדכון משמעותי לפוסט שנכתב במקור בשנת 2012 לאחר צפיה בסרט תיעודי ששודר באותה השנה, במלאת 100 שנה לטביעת הטיטניק. בעדכון זה ננפץ כמה פרות קדושות ...
4 years ago
VirusBay Blog

How Reverse Engineering (and Cyber-Criminals’ Mistakes) Can Help You When You’ve Been a Ransomware Victim - Ransomware is a type of malware that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. In the last two year...
4 years ago
Hackbusters.com

Tencent Shuts Down PUBG Mobile in China For Patriotic Alternative - Slashdot - Full Abbreviated Hidden /Sea Score: 5 4 3 2 1 0 -1
4 years ago
Network Security Blog

Lucky Break - One of the things I do from time to time is throw out an open ended question on Twitter. Sometimes I’m making a point, sometimes I just want to amuse myse...
5 years ago
Technolust since 2005

TekThing 161 – Bitcoin Sucks For Gaming PCs!!! Our Video Gear, Fingbox Home Network Security - —— Thank You Patrons! Without your support via patreon.com/tekthing, we wouldn’t be able to make the show for you every week! https://www.patreon.com/tekth...
6 years ago
טל פבל

Romania is vice-champion at the European Cyber Security - CERT-RO The National Response Center for Cyber Security Incidents affirmed on Friday that Romania, for the second consecutive year, has become the European...
6 years ago
Malware don't need Coffee

CoalaBot : http Ddos Bot - CoalaBot appears to be build on August Stealer code (Panel and Traffic are really alike) I found it spread as a tasks in a Betabot and in an Andromeda sp...
6 years ago
SecManiac.com

Social-Engineer Toolkit (SET) v7.7 “Blackout” Released - TrustedSec is proud to announce a major release of the Social-Engineer Toolkit (SET) v7.7. This version incorporates support for hostnames in the HTA att...
6 years ago
Malware at Stake

[Virus Bulletin Conference] The TAO of Automated Iframe Injectors - Building Drive-by Platforms For Fun and Profit - In this paper, we present the design of distributed infection model used by attackers to inject malicious iframes on the fly to conduct large scale driv...
6 years ago
Security Intelligence

Big Changes Around the Corner for the IoT - The IoT is transforming before our eyes due to increasing regulations, growing demand for security standards and advancements in the telecom industry. T...
7 years ago
0xicf

ClearEnergy ransomware can destroy process automation logics in critical infrastructure, SCADA and industrial control systems. - Schneider Electric, Allen-Bradley, General Electric (GE) and more vendors are vulnerable to ClearEnergy ransomware. Researchers at CRITIFENCE® Critical I...
7 years ago
ROOTCON Blog

ROOTCON 11 Venue - This years ROOTCON 11 will be held at Taal Vista Hotel in Tagaytay on September 21-22, 2017. We announced the venue as early as now so you can plan ahead...
7 years ago
Aten Labs

The ‘Compliance Only / CISSP / Minimum Viable Product / HR firewall’ infosec trapezoid of fuck - Yesterday (thurs, 3/24/16) I went on a tirade on twitter, regarding an experience I had in San Francisco during RSA week, while at a vendor party. I’ll let...
8 years ago
XyliBox

Citadel 0.0.1.1 (Atmos) - Guys of JPCERT, 有難う御座います！ Released an update to their Citadel decrypter to make it compatible with 0.0.1.1 sample. Citadel 0.0.1.1 don't have a lot of do...
8 years ago
Security Labs

Dridex Down Under - Raytheon | Websense® Security Labs™ has been tracking malicious email campaigns associated with the Dridex banking Trojan since 2014. An interesting deve...
8 years ago
Computer & Incidents | life.

What Verizon Missed in the Latest Threat Reports - * By: Zuk Avraham, Joshua Drake, Yaniv Karta, Jimmy Sha * * Read the full report - here Recently, Veriz...
8 years ago
בלוג אבטחת מידע

Forensic - אחת מהבעיות העיקריות בביצוע תהליך FORENSIC הוא לאחר ביצוע תהליך שיכפול ה - Harddisk (על פי כל התקנים של שיכפול ביט אחרי ביט), היא לבצע מחקר על *מחשב חיי...
8 years ago
M86 Security Labs Blog

Blog Moved - Please see the Trustwave SpiderLabs Blog.
9 years ago
SpiderLabs Anterior

TrustKeeper Scan Engine Update – February 4, 2015 - The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerabi...
9 years ago
Amrit Williams Blog

RSA Announces End of RSA Security Conference - Aims to bring clarity to cloudy marketing messages through exhibit hall chotskies Bedford, MA., – April 1, 2014 – RSA, the security division of EMC, today ...
10 years ago
stratBLOG - stratsec security research

botCloud – an emerging platform for cyber-attacks - Hosting network services on Cloud platforms is getting more and more popular. It is not in the scope of this article to elaborate the advantage of using Cl...
11 years ago
pentestmonkey

mimikatz: Tool To Recover Cleartext Passwords From Lsass - I meant to blog about this a while ago, but never got round to it. Here’s a brief post about very cool feature of a tool called mimikatz. I’m very grateful...
12 years ago
HexEsec | a pentester's view

Pentestify. - i’m over here now.
12 years ago
Seculert Blog

-
Security Art Blog

-
WHITE HAT HACKER

-
threatpost | The First Stop for Security News

-
sudosecure.net

-
Threat Landscape Dashboard | McAfee

-
Securelist / Blog

-
Site Home

-
Narkolayev Shlomi

-

OWASP 2010 TOP 10

The new OWASP Top Ten can be seen below:

A1 – Injection

A2 – Cross Site Scripting XSS
A3 – Broken Authentication and Session Management
A4 – Insecure Direct Object References
A5 – Cross Site Request Forgery (CSRF
A6 – Security Misconfiguration(NEW
A7 – Failure to Restrict URL Access
A8 – Unvalidated Redirects and Forwards (NEW
A9 – Insecure Cryptographic Storage
A10 – Insufficient Transport Layer Protection