Credential stuffing attack

LastPass has launched an investigation following a recent surge in blocked login attempts. The emailed notifications to a pre-registered email address would normally follow attempts to log in from a different browser version, device, or location. Users in receipt of these emails are invited to go to a link in order to confirm that the


Insecure File Uploads

It is quite rare for a modern web application with an active user base to not have a file upload function. The ability for users to upload files to a web server has become an integral part of interacting with web applications, whether that is uploading a profile picture, submitting a resume to a job


Log4j zero day security vulnerability, detection and logfix

How many of us are surprised to learn that yet another Log4j security vulnerability has been discovered? In my office, that would be a big, fat zero. We don’t like it, mind you, but surprised? Heck no. The latest, CVE-2021-44832, with a Common Vulnerability Scoring System (CVSS) rating of 6.6, moderate, isn’t awful. But this
