TL;DR A year ago we have been contacted by one of our clients from Middle east regarding looking for/implementing a payment processing solution for their own eCommerce solution and asked us to assist them in order to give them some candidates working in the same field in the middle east but we refused because our job is to assess not to suggest specific names, they suggested us some names but one among those names were a name-with-a-reputation but they ended up not choosing this name due to insecure implementation.
Continue reading “PAYFORT – Multiple Security Issues and Concerns in a PCI/DSS compliant payment processor SDK!”
Today’s discovery is not a big deal too, just another Clickjacking in the world, but this time in the newly added “OPT-IN” feature by coinhive and authedmine but first let’s know some terms before we begin.
What is Coinhive?
Continue reading “CryptoJacking by Clickjacking: Bypassing Coinhive OPT-IN feature and trick users into Cryptocurrency mining!”
Supp!, How are you guys! I hope you’re fine, I’m Seif Elsallamy (again) if you don’t remember me read my previous blog here: Stored XSS in the heart of the Russian email provider giant (Mail.ru)
Before we go in depth, lets know What is Linkshim ?
Continue reading “Rolling around and Bypassing Facebook’s Linkshim protection on iOS”
I am Ali Kabeel an Application Security Intern at Seekurity team. This is my first blog i hope you like it. In this blog post I will be mainly focusing on Business Logic vulnerabilities by offering some tips and tricks on how to abuse invitation systems using real-world examples from my Facebook Bug Bounty experience but first let’s get a general knowledge about some concepts.
Continue reading “Business Logic Vulnerabilities Series: A brief on Abusing Invitation Systems”
2 months ago we have installed some servers in countries such as Germany and Singapore in which constantly we are receiving automated SSH bruteforce attacks trying to compromise the root user mainly from countries like China, Argentina, Brasil, Ecuador, Taiwan, Korea and India. After analyzing the traffic, we disabled the root user but hours later we started receiving attacks with different users, then we proceed to block the usage of users like: admin, test, guest, info, oracle, testing, webmaster and user.
Continue reading “List of IPs you should block in your SSH server”
Before we start we need to explain some frequently mentioned terms which are: QR Code, SSO and Clickjacking.
What is QR Code?
QR code (abbreviated from Quick Response Code) is the trademark for a type of matrix barcode (or two-dimensional barcode) first designed for the automotive industry in Japan. A barcode is a machine-readable optical label that contains information about the item to which it is attached. A QR code uses four standardized encoding modes (numeric, alphanumeric, byte/binary, and kanji) to efficiently store data; extensions may also be used.
Continue reading “QRLJacking – Your QR-based session belongs to us!”
Adopting new technologies such as VoIP by small, medium and large companies,
isn’t only about the benefit representing a decrease in costs, is about an risk increase exposure too,
which can be reflected in the payment of large sums of money , because (national or international)
calls made by people outside the company.