A week in security (August 31 – September 6)

Malwarebytes Labs-- Last week on Malwarebytes Labs, we dug into security hubris on the Lock and Code podcast, explored ways in which Apple’s notarization process may not be hitting all the right notes, and detailed a new web skimmer. We also explained how to keep distance learners secure, talked about PCI DSS compliance, and revealed … Continue reading A week in security (August 31 – September 6)

New PIN Verification Bypass Flaw Affects Visa Contactless Payments

The Hacker News-- Even as Visa issued a warning about a new JavaScript web skimmer known as Baka, cybersecurity researchers have uncovered a new flaw in the company's EMV-enabled cards that lets criminals illicitly obtain funds and defraud both cardholders and merchants. The research, published by a group of academics from the … Continue reading New PIN Verification Bypass Flaw Affects Visa Contactless Payments

SMB Cybersecurity Catching Up to Enterprise… But the Human Element Still a Major Concern

The Hacker News-- Cyberattacks on small to medium-sized businesses (SMBs) are continuing at a relentless pace, with the vast majority of data breaches coming from outside the organization. Some believe hackers are aggressively targeting these smaller firms because they believe SMBs lack adequate resources and enterprise-grade security tools, making them easier prey than larger businesses. … Continue reading SMB Cybersecurity Catching Up to Enterprise… But the Human Element Still a Major Concern

Stop scratching the surface, and hack the dependencies

InfoSec Write-ups - Medium-- TLDR; How I found four XSS vulnerabilities in Grafana, rather than keep scratching the surface, while hunting in a private BBP, and got rewarded for three criticals(!)* But you will have to read it to figure out why 😎 Not too long ago, I was hunting in my favorite Bug-Bounty program but couldn't … Continue reading Stop scratching the surface, and hack the dependencies

Writing my Medium blog to complete account takeover

InfoSec Write-ups - Medium-- One night a few weeks ago, I was writing a new Medium blog post on nothing other than — why companies should embrace bug-bounty platforms, until I had writer's block. I thought to myself, "let's take a few minutes to do something else and then come back to it". And what do I do … Continue reading Writing my Medium blog to complete account takeover

TryHackMe Basic Pentesting Walkthrough.

InfoSec Write-ups - Medium-- Retrieved from tryhackme.com. Reconnaissance: the first thing we need to do is scanning. Let's run two Nmap scans: nmap -sV -sC -O <ip-addr> -oN basic_scan.nmap and nmap --script=vuln <ip-addr> -oN vuln_scan.nmap. The first Nmap scan is very similar to an -A (aggressive) scan, but it doesn't do traceroute. The second one is meant to find potential attack vectors on the victim. The results … Continue reading TryHackMe Basic Pentesting Walkthrough.

TryHackMe. Hacking a Vulnversity Machine.

InfoSec Write-ups - Medium-- A write-up for myself :) If you're interested in learning ethical hacking/pentesting, check my TryHackMe Vulnversity walkthrough. Retrieved from tryhackme.com. Reconnaissance: the first step in compromising the given machine is port scanning with Nmap. The switches that I used for this scan are: -sV (for service version discovery) and -oN (for keeping results in an Nmap-formatted file). As we can … Continue reading TryHackMe. Hacking a Vulnversity Machine.
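The Nmap reconnaissance step that both the Basic Pentesting and the Vulnversity walkthroughs above start from, as an added shell example that is not code from either write-up or from TryHackMe: it prints the two command lines the first walkthrough uses and parses the open ports out of Nmap's normal-format (-oN) output so the follow-up vuln scan can be aimed at specific ports. The target address 10.10.10.10, the output file names and the SAMPLE_SCAN text are constructed for this example; nmap itself is not assumed to be installed.

```shell
#!/bin/sh
# Added example, not code from the walkthroughs. Builds the two recon command
# lines and parses open ports out of Nmap -oN output. The target address,
# file names and SAMPLE_SCAN below are constructed for the example.

# Print the two recon command lines for a target without running them.
scan_cmds() {
  printf '%s\n' \
    "nmap -sV -sC -O $1 -oN basic_scan.nmap" \
    "nmap --script=vuln $1 -oN vuln_scan.nmap"
}

# Constructed stand-in for basic_scan.nmap. Nmap's -oN port table has the
# columns PORT STATE SERVICE VERSION, which is what open_ports() relies on.
SAMPLE_SCAN='# Nmap 7.80 scan initiated as: nmap -sV -sC -O 10.10.10.10 -oN basic_scan.nmap
Nmap scan report for 10.10.10.10
Host is up (0.034s latency).
Not shown: 995 closed ports
PORT     STATE    SERVICE     VERSION
22/tcp   open     ssh         OpenSSH 7.2p2 Ubuntu (protocol 2.0)
53/tcp   filtered domain
80/tcp   open     http        Apache httpd 2.4.18 ((Ubuntu))
139/tcp  open     netbios-ssn Samba smbd 3.X - 4.X
445/tcp  open     netbios-ssn Samba smbd 4.3.11-Ubuntu
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
# Nmap done -- 1 IP address (1 host up) scanned in 20.12 seconds'

# Print "port/proto service version" for every open port in -oN output read
# from stdin. Header, banner, closed and filtered rows are skipped.
open_ports() {
  awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
         port = $1; svc = $3; $1 = $2 = $3 = ""; sub(/^ +/, "")
         print port, svc, $0 }'
}

# Count the open ports in -oN output read from stdin.
count_open() {
  open_ports | wc -l | tr -d ' '
}

# Comma-separated port numbers (usable with nmap -p) of the open ports that
# run a given service name, e.g. "http", from -oN output read from stdin.
ports_for_service() {
  open_ports | awk -v s="$1" '
    $2 == s { sub(/\/.*/, "", $1); printf "%s%s", sep, $1; sep = "," }
    END     { print "" }'
}

scan_cmds 10.10.10.10
printf '%s\n' "$SAMPLE_SCAN" | open_ports
printf '%s\n' "$SAMPLE_SCAN" | ports_for_service http
```

Run against a real scan file the same way (open_ports < basic_scan.nmap); ports_for_service http < basic_scan.nmap then gives a -p list for a narrower second pass, e.g. nmap --script=vuln -p 80 <ip-addr>, instead of re-probing every port with the vuln scripts.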