This affects all versions of package Flask-User. When using the make_safe_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \evil.com/path. This vulnerability is only exploitable if an….
A cyber security partnership, with 10 founding organisations, has launched to tackle an increase in cyber security attacks. Funded by the Scottish Government, CyberScotland will help both individuals and organisations to protect themselves against online threats. The partnership’s first move was launching CyberScotland.com on Monday, which offers resources to the public, private, and third sectors,…
Endpoint Security , Hardware / Chip-level Security After Researchers Release Report, Chipmakers Assert That No New Defenses Are Needed Doug Olenick (DougOlenick) • May 6, 2021 Intel and AMD are disputing the findings of researchers from two universities who say they’ve discovered new attacks on Intel and AMD processors that can bypass most…
The U.S. Securities and Exchange Commission (SEC) this week announced sanctions against several companies over cybersecurity failures that resulted in email accounts getting hacked and the exposure of customer information. A total of eight entities belonging to three companies have been sanctioned by the SEC, including Cetera (Advisor Networks, Investment Services, Financial Specialists, Advisors, and…
Transportation Security Administration issues second Security Directive WASHINGTON – Today, in response to the ongoing cybersecurity threat to pipeline systems, DHS’s Transportation Security Administration (TSA) announced the issuance of a second Security Directive that requires owners and operators of TSA-designated critical pipelines that transport hazardous liquids and natural gas to implement a number of urgently needed protections against cyber intrusions. “The lives and livelihoods of the American people depend on…
History Shows Threats Ramp Up When Businesses Shut Down Labor Day weekend is upon us. Unfortunately, history has shown that, rather than resting, hackers and other threat actors take advantage of holidays to attack closed or understaffed businesses when they least expect it. To remind businesses not to let their guard down over the holiday…
A distributed denial-of-service (DDoS) extortion group has blazed back on the cybercrime scene, this time under the name of “Fancy Lazarus.” It’s been launching a series of new attacks that may or may not have any teeth, researchers said. The new name is a tongue-in-cheek combination of the….
