Credential Disclosure in LastPass
LastPass was susceptible to a clickjacking attack. By intercepting traffic, an attacker would have been able to harvest login credentials of LastPass users. LastPass ...
Read MoreSearch
Using Cloudflare to bypass Cloudflare
Cloudflare customer-configured protection mechanisms (e.g., Firewall, DDoS prevention) for websites can be bypassed due to gaps in cross-tenant security controls ...
Read MoreThousands of Organizations Vulnerable to Subdomain Hijacking
Subdomain Hijacking presents a concerning scenario where attackers take control of websites hosted on subdomains owned by reputable organizations, enabling them to ...
Read MorePrivilege Escalation in IBM Spectrum Virtualize
During a very short security test, Certitude identified two vulnerabilities in the firmware of IBM Spectrum Virtualize, a storage solution by IBM. One of these ...
Read More