#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

php backdoor | Breaking Cybersecurity News | The Hacker News

Critical PHPMailer Flaw leaves Millions of Websites Vulnerable to Remote Exploit

Critical PHPMailer Flaw leaves Millions of Websites Vulnerable to Remote Exploit

Dec 26, 2016
A critical vulnerability has been discovered in PHPMailer , which is one of the most popular open source PHP libraries to send emails used by more than 9 Million users worldwide. Millions of PHP websites and popular open source web applications, including WordPress, Drupal, 1CRM, SugarCRM, Yii, and Joomla comes with PHPMailer library for sending emails using a variety of methods, including SMTP to their users. Discovered by Polish security researcher Dawid Golunski of Legal Hackers , the critical vulnerability ( CVE-2016-10033 ) allows an attacker to remotely execute arbitrary code in the context of the web server and compromise the target web application. "To exploit the vulnerability an attacker could target common website components such as contact/feedback forms, registration forms, password email resets and others that send out emails with the help of a vulnerable version of the PHPMailer class," Golunski writes in the advisory published today. Golunski respo
PornHub Pays Hackers $20,000 to Find Zero-day Flaws in its Website

PornHub Pays Hackers $20,000 to Find Zero-day Flaws in its Website

Jul 25, 2016
Cyber attacks get bigger, smarter, more damaging. P*rnHub launched its bug bounty program two months ago to encourage hackers and bug bounty hunters to find and responsibly report flaws in its services and get rewarded. Now, it turns out that the world's most popular p*rn*graphy site has paid its first bounty payout. But how much? US $20,000! Yes,  P*rnHub  has paid $20,000 bug bounty to a team of three researchers, who gained Remote Code Execution (RCE) capability on its servers using a zero-day vulnerability in PHP – the programming language that powers  P*rnHub 's website. The team of three researchers, Dario Wei├čer (@haxonaut), cutz and Ruslan Habalov (@evonide), discovered two use-after-free vulnerabilities ( CVE-2016-5771/CVE-2016-5773 ) in PHP's garbage collection algorithm when it interacts with other PHP objects. One of those is PHP's unserialize function on the website that handles data uploaded by users, like hot pictures, on multiple paths,
SaaS Compliance through the NIST Cybersecurity Framework

SaaS Compliance through the NIST Cybersecurity Framework

Feb 20, 2024Cybersecurity Framework / SaaS Security
The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world's most important guidelines for securing networks. It can be applied to any number of applications, including SaaS.  One of the challenges facing those tasked with securing SaaS applications is the different settings found in each application. It makes it difficult to develop a configuration policy that will apply to an HR app that manages employees, a marketing app that manages content, and an R&D app that manages software versions, all while aligning with NIST compliance standards.  However, there are several settings that can be applied to nearly every app in the SaaS stack. In this article, we'll explore some universal configurations, explain why they are important, and guide you in setting them in a way that improves your SaaS apps' security posture.  Start with Admins Role-based access control (RBAC) is a key to NIST adherence and should be applied to every SaaS a
Vulnerability in WPTouch WordPress Plugin Allows Hackers to Upload PHP backdoors

Vulnerability in WPTouch WordPress Plugin Allows Hackers to Upload PHP backdoors

Jul 15, 2014
If you own a mobile version for your Wordpress website using the popular WPtouch plugin, then you may expose to a critical vulnerability that could potentially allow any non-administrative logged-in user to upload malicious PHP files or backdoors to the target server without any admin privileges. WordPress is a free and an open source blogging tool as well as a content management system (CMS) with 30,000 plugins, each of which offers custom functions and features enabling users to tailor their sites to their specific needs. That is why, it is easy to setup and used by more than 73 million of websites across the world, and about 5.7 million them uses WPtouch plugin, making it one of the most popular plugins in the WordPress plugin directory. WPtouch is a mobile plugin that automatically enables a user friendly and elegant mobile theme for rendering your WordPress website contents on the mobile devices. User can easily customize many aspects of its appearance by the adm
cyber security

Are You Vulnerable to Third-Party Breaches Through Interconnected SaaS Apps?

websiteWing SecuritySaaS Security / Risk Management
Protect against cascading risks by identifying and mitigating app2app and third-party SaaS vulnerabilities.
Cybersecurity Resources