The Principle of Least Privilege

If you own a website and collaborate with others, the principle of least privilege should never be questioned. It is a computer science principle whose application strengthens your website's security posture.
This principle is about:

Using the minimal set of privileges on a system in order to perform an action.
Granting those privileges only for the time the action is necessary.

Access Control Example
If you hire a gardener, you grant them access to your yard – not your bedroom, living room or your home office.

Link: https://blog.sucuri.net/2017/04/the-principle-of-least-privilege.html

Wells Fargo Poor Password Configurations

WellsFargo.com password and security management has been identified as being in a weak state of configuration and in violation of PCI DSS 3.2 Subsections 8.2.3 and 8.2.4. Multiple vulnerabilities result in poor credential management and configuration, as well as flaws in triggering fraud detection. Some vulnerabilities can be paired with each other to increase the associated risk.

Link: https://packetstormsecurity.com/files/142249/wellsfargo-password.txt

DAVOSET 1.3.2

DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.

Link: https://packetstormsecurity.com/files/142257/DAVOSET_v.1.3.2.rar

Oracle Java 64bit DLL Hijacking

A code injection through DLL sideloading vulnerability exists in 64-bit Oracle Java.

Link: https://packetstormsecurity.com/files/142260/oraclejava-dllhijack.txt