
ATM- Hardware & Software Security Guidelines

The recent hack of 3.2 million cards in India proved that hackers have identified, and rightly so, that the weak link in the chain is channel banking. In the past, ATM machines were primarily used to deliver cash in the form of bank notes and to debit the corresponding bank account. However, ATM machines […]

eKYC – All you wanted to know and didn’t know whom to ask

WHAT IS KYC? KYC (Know Your Customer) is the process through which a business organization identifies and verifies the identity of its customers. Before certain services can be availed in India, the customer needs to provide documentation such as identity and address proofs. This customer identification process is known as “Know Your Customer” (KYC) and […]

Debit Card Fraud: Fact Vs Fiction

In what is being described as one of the biggest ever breaches of financial data in India, approximately 32 lakh debit cards in India are thought to be compromised, as customers reported unauthorised usage from locations in China. The banks worst hit by the cybersecurity attack are reported to be State Bank of India, Yes […]

Carbanak APT: $1 billion Bank Robbery

Researchers from the security firm Kaspersky, working together with the International Criminal Police Organization (Interpol), Europol and law enforcement agencies including the NHTCU, have uncovered a two-year criminal operation which relieved banks of $1 billion worldwide. Since 2013, the cybergang has attempted to attack banks, e-payment systems and financial institutions using the Carbanak malware. The […]

End of SSLv3 (CVE-2014-3566): POODLE

Google researchers recently uncovered a security bug (CVE-2014-3566) that could allow hackers to steal data. This vulnerability enables a Man-In-The-Middle (MITM) attack, meaning a client-to-server session is hijacked and then used in a malicious manner. The attack is associated with SSLv3 connections, and an attacker could force TLS sessions to downgrade to SSLv3. The […]

“ShellShock” aka “Bash Bug” Vulnerability | CVE-2014-6271

After Heartbleed, a very critical vulnerability was recently published that affects most Linux, UNIX and Mac OS X operating systems, named “Shellshock” or “Bash Bug”. The vulnerability is more critical than the Heartbleed vulnerability; it affects systems which use the Linux/Unix command-line shell known as Bash, aka GNU Bourne Again Shell (version 4.3 or lower), and parse values […]

ManageEngine Service Desk – Multiple Vulnerabilities

VISTA InfoSec Information Security Consultant Mr. Yogesh Jaygadkar has discovered a Cross Site Scripting and File Upload weakness in ManageEngine ServiceDesk; the issue has been reported to the vendor. A fix from the vendor is awaited.

Tushar Parab reported Cross Site Scripting [acknowledged by eBay]

VISTA InfoSec Information Security Consultant Mr. Tushar Parab has discovered Cross Site Scripting (Non-persistent) in deals.ebay.in. He has been acknowledged by eBay for reporting this vulnerability.

Affected URL: http://deals.ebay.in/ebaydeals/

Issue Fixed: Yes

eBay’s Security Researchers Acknowledgement Page: http://pages.ebay.com/securitycenter/ResearchersAcknowledgement.html

How to brute force Web Application Login Form by using Burp Suite

Unlike other web application attacks, which target vulnerabilities in the application itself, a brute force attack targets the authentication mechanism of the web application. It tries to guess weak or common passwords like “pass@123” and usernames like “admin”. Here we will brute force the WordPress admin login page using Burp Suite. Before we start, let’s get introduced […]

Dell OpenManage Server Administrator “file” Redirection Weakness

VISTA InfoSec’s Information Security Consultant Mr. Mahendra Dhodi has discovered a weakness in Dell OpenManage Server Administrator which can be exploited by malicious people to conduct spoofing attacks. Input passed via the “file” GET parameter to /HelpViewer is not properly sanitised before being used to redirect users. This can be exploited to redirect a user […]