GeekWire

Weekly

API Security Weekly: Issue #123

4 March 2021

This week, we learn about the recent serious API vulnerability in VMware vCenter (if you have one, update ASAP!), why query and path …

Tags Issues, IT, News, Weekly

API Security Weekly: Issue #122

25 February 2021

This week, we take a look at the recent data spill incident at Clubhouse, the (poor) state of API security in major healthcare mobile …

Tags Issues, IT, News, Weekly

API Security Weekly: Issue #121

18 February 2021

This week, we take a look at the recent API vulnerability at chess.com, resources for GraphQL API security, and some API security advice …

Tags Issues, IT, News, Weekly

API Security Weekly: Issue #119

4 February 2021

This week, we take a look at the recently discovered API attack in NoxPlayer, the latest annual “State of Web Application Security” …

Tags Issues, IT, News, Weekly

API Security Weekly: Issue #118

28 January 2021

This week, we check out a potential exposure of APIs developed with Spring Framework and OAuth 2.0 attack classification. There’s also a …

Tags Issues, IT, News, Weekly

API Security Weekly: Issue #117

21 January 2021

This week, we look into some recent API vulnerability reports on YouTube and Amazon’s Ring Neighbors app, there is a new proposed …

Tags Issues, IT, News, Weekly

API Security Weekly: Issue #116

14 January 2021

This week, we check out the recent API vulnerabilities at Facebook and Parler, there is a new GraphQL discovery tool called clairvoyance, …

Tags Issues, IT, News, Weekly

API Security Weekly: Issue #115

7 January 2021

This week, we revisit the API aspects of the SolarWinds breach and check out how APIs featured in the recent Ledger breach. There is also …

Tags Issues, IT, News, Weekly

API Security Weekly: Issue #114

17 December 2020

This week, we check out the API aspects of the recent SolarWinds and PickPoint breaches. Also, we have a review on how to shift API …

Tags Issues, IT, News, Weekly

API Security Weekly: Issue #113

10 December 2020

This week, we take a look at the recent API vulnerabilities reported at YouTube and 1Password, a detailed OpenID Connect (OIDC) security …

Tags Issues, IT, News, Weekly

API Security Weekly: Issue #112

3 December 2020

This week, we have the recently reported API vulnerability in Duffel’s Paginator, a new API fuzzer from Microsoft Research, an upcoming …

Tags Issues, IT, News, Weekly

API Security Weekly: Issue #111

1 December 2020

This week, we take a look at the recent API security issues with Resource-Based Policy APIs at Amazon Web Services (AWS), Backup Gateway …

Tags Issues, IT, News, Weekly

NVD

CVE-2021-21360 – Products.GenericSetup is a mini-framework for expressing the configured state of a Zope Si …

9 March 2021

CVE-2021-21361 – The `com.bmuschko:gradle-vagrant-plugin` Gradle plugin contains an information disclosure …

9 March 2021

CVE-2021-24033 – react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input arg …

9 March 2021

CVE-2021-21354 – Pollbot is open source software which "frees its human masters from the toilsome task …

8 March 2021

CVE-2021-21362 – MinIO is an open-source high performance object storage service and it is API compatible w …

8 March 2021

CVE-2020-27574 – Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site request forgery (CSRF). If an aut …

8 March 2021

EXPLOITS

GLPI 9.5.3 – ‘fromtype’ Unsafe Reflection

8 March 2021

Joomla JCK Editor 6.4.4 – ‘parent’ SQL Injection (2)

8 March 2021

Pingzapper 2.3.1 – ‘PingzapperSvc’ Unquoted Service Path

8 March 2021

Hotel and Lodge Management System 1.0 – Remote Code Execution (Unauthenticated)

8 March 2021

Configuration Tool 1.6.53 – ‘OpLclSrv’ Unquoted Service Path

8 March 2021

Print Job Accounting 4.4.10 – ‘OkiJaSvc’ Unquoted Service Path

8 March 2021

SECURELIST

Zero-day vulnerabilities in Microsoft Exchange Server

4 March 2021

Mobile malware evolution 2020

1 March 2021

The state of stalkerware in 2020

26 February 2021

Lazarus targets defense industry with ThreatNeedle

25 February 2021

DDoS attacks in Q4 2020

16 February 2021

Spam and phishing in 2020

15 February 2021

Information Cyber Network Enterprise Security News

© 2021 GeekWire | Privacy Policy | Cookie-Free | We are not responsible for the content of external sites.