
TechKranti

CyberSecurity Revolution

13-Jul-23: In Security News Today

July 13, 2023 Amey Anekar Cyber Security News & Updates

GitHub User Dupes Security Researchers with Malicious Linux PoCs

A GitHub user tricked security researchers by publishing malicious proofs-of-concept (PoCs) containing Linux backdoors. Researchers from Uptycs revealed that the user, now deactivated, had copied genuine

12-Jul-23: In Security News Today

July 13, 2023 Amey Anekar Cyber Security News & Updates

Microsoft Counters Chinese Cyber Espionage Attempt on Western European Governments

On Tuesday, Microsoft announced that it had successfully defended against a cyber espionage campaign by a Chinese nation-state actor, identified as Storm-0558, targeting approximately 25

11-Jul-23: In Security News Today

July 12, 2023 Amey Anekar Cyber Security News & Updates

Apple invoked Rapid Security Response (RSR) to patch 0-day WebKit vulnerability impacting iPads, iPhones and Macs

Apple isn’t so “rapid” in patching security vulnerabilities, so this is only the second time Apple has invoked the Rapid

10-Jul-23: In Security News Today

July 11, 2023 Amey Anekar Cyber Security News & Updates

Android device-fingerprint spoofing tools make it difficult for anti-fraud teams to detect fraudsters using stolen sessions

Fraud prevention controls implemented by anti-fraud teams form the last line of defense from attacks exploiting compromised credentials or exfiltrated

9-Jul-23: In Security News Today

July 10, 2023 Amey Anekar Cyber Security News & Updates

Truebot Malware Variants Abound, According to CISA Advisory

An advisory from the Cybersecurity and Infrastructure Security Agency (CISA), several US organizations, and the Canadian Center for Cyber Security (CCCS) warns of Truebot malware variants that are

Add AES Encrypt/Decrypt Functions to Google Sheet

June 27, 2023 Amey Anekar Cyber Security Gyaan

I recently needed to add some sensitive data to a database which was later going to be sent to a Google Sheet. Now, the situation was such that the sensitive data can lie unencrypted in


How to access React Props from Chrome Extension

May 15, 2023 Amey Anekar Chrome Extension Development, Programming

TL;DR Version The Long Version I do a fair bit of Chrome Extension development as a part of my job owing to which I come across problems that usually require me to think outside the


[Video] HTTP Request Smuggling Explained: Part 1

October 15, 2020 Amey Anekar Cyber Security Gyaan

In this video, I have tried my best to explain the Request Smuggling attack by first explaining how a server handles HTTP requests based on Content-Length and Transfer-Encoding Headers. I will soon follow up with


Delete IDOR on a Fashion eCommerce Website

August 26, 2020 Amey Anekar Bounty Hunting

This is a story of an IDOR I reported on an Asian fashion eCommerce website’s private program. Like most eCommerce websites, this website provided a feature to store addresses in the customer’s account …


IDOR through MongoDB Object IDs Prediction

August 25, 2020 Amey Anekar Bounty Hunting

Historically, system developers have assigned auto-incrementing integer identifiers to database rows. This made it trivial to exploit IDORs. Just one vulnerability could allow exfiltration of all objects belonging to any user in the application. The same goes for delete or edit IDORs.


About Me

Hey There, I am Amey Anekar - Cyber Security Specialist with a passion for solving security problems even when resources are limited. I've been fortunate to develop a knack for gauging an organization's cyber security posture and helping them plan a transition towards becoming more resilient in the face of cyber threats. It's a privilege to be able to contribute to the field and assist organizations in safeguarding their digital assets.
