file upload | Breaking Cybersecurity News | The Hacker News

Numerous industries—including technology, financial services, energy, healthcare, and government—are rushing to incorporate cloud-based and containerized web applications.  The benefits are undeniable; however, this shift presents new security challenges.  OPSWAT's 2023 Web Application Security report  reveals: 75% of organizations have modernized their infrastructure this year. 78% have increased their security budgets. Yet just 2% are confident in their security posture. Let's explore why confidence in security lags infrastructure upgrades and how OPSWAT closes that gap. Evolving Infrastructure Outpaces Security Upgrades. The pace of security upgrades struggles to keep up with technological advancements. This gap is especially visible in file upload security. Companies are updating their infrastructure by embracing distributed, scalable applications that leverage microservices and cloud solutions—creating new avenues of attack for criminals. Cloud Hosting  Businesse

Internet millionaire and Megaupload founder Kim Dotcom and his three associates are eligible for extradition to the US to face criminal charges over massive copyright infringement on Megaupload (now-shuttered), the court has ruled citing " overwhelming " evidence. On Tuesday afternoon, New Zealand District Court Judge Nevin Dawson told the court that the United States had presented enough evidence against Dotcom and his co-defendants and that they should be surrendered to the US. US prosecutors want Dotcom, and colleagues Mathias Ortmann , Bram van der Kolk and Finn Batato to stand trial on charges of copyright infringement, racketeering, and money laundering. "No matter what happens in Court tomorrow, I'll be fine. Don't worry. Enjoy your Christmas & know that I'm grateful to have you, my friends," Dotcom  tweeted before the court hearing. The court ruling comes almost three years after the New Zealand police raided Dotcom's

Super Low RPO with Continuous Data Protection: Dial Back to Just Seconds Before an Attack Zerto , a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use snapshots, agents, or any other periodic data protection methodology. Zerto has no impact on production workloads and can achieve RPOs in the region of 5-15 seconds across thousands of virtual machines simultaneously. For example, the environment in the image below has nearly 1,000 VMs being protected with an average RPO of just six seconds! Application-Centric Protection: Group Your VMs to Gain Application-Level Control   You can protect your VMs with the Zerto application-centric approach using Virtual Protection Groups (VPGs). This logical grouping of VMs ensures that your whole applica

Until now, our privacy has been violated by many big Internet Services, including Google who uses our personal information for the advertising purposes and this is exactly how the companies handle the mass of personal data we provide them. But, recent report about another big giant Microsoft shows that it omits almost all other privacy aspects, as it targets ' Integrity ' of our data. To hold on our large data, having backups is always a good idea and many of us prefer cloud-based backup solutions such as Google Drive, Dropbox, Box, RapidShare, Amazon Cloud Drive to store and secure our personal data. But, unfortunately with Microsoft OneDrive storage service, it doesn't work. Microsoft fails to deliver integrity to its users as Microsoft's OneDrive for Business cloud-based storage service has been modifying users' files when they are uploading to Cloud storage, according to an Ireland based Storage technology researcher Seán Byrne, who posted about it in a Myce

Security expert Ebrahim Hegazy , Cyber Security Analyst Consultant at Q-CERT, has found a serious vulnerability in Twitter that allows an attacker to upload files of any extension including PHP. When an application does not validate or improperly validates file types before uploading files to the system, called Unrestricted File upload vulnerability . Such flaws allow an attacker to upload and execute arbitrary code on the target system which could result in execution of arbitrary HTML and script code or system compromise. According to Ebrahim, when a developer creates a new application for Twitter  i.e. dev.twitter.com - they have an option to upload an image for that application. While uploading the image, the Twitter server will check for the uploaded files to accept certain image extensions only, like PNG, JPG and other extensions won't get uploaded. But in a Video Proof of Concept he demonstrated  that, a vulnerability allowed him to bypass this security validation

Q-CERT team found a critical vulnerability that allows the attacker to bypass the two-factor authentication in the most popular file sharing service ' DropBox '. Two Factor Authentication is an extra layer of security that is known as " multi factor authentication " that requires not only a password and username but also a unique code that only user can get via SMS or Call. Zouheir Abdallah demonstrated , if an attacker already knows the username and password of the victim's Dropbox account, which is protected by two-factor authentication, it is still possible to hack that Dropbox account using following explained technique. DropBox does not verify the authenticity of the email addresses used to Sign up a new account, so to exploit this flaw hacker just need to create a new fake account similar to the target's account and append a dot (.) anywhere in the email address. In Next step, enable 2-factor authentication for the fake account, and save the emerg