Introduction A wildcard SSL certificate allows you to secure all subdomains with just one certificate, for example “*.example.com”, “subdomain.example.com”. With the help of Let’s Encrypt, we can obtain a free and automated SSL/TLS Certificate using Certbot through the DNS challenge method. However, keep in mind that the certificate is not valid for domain names using sub-subdomains such as sub.sub.example.com.
This method is very suitable if you have setups like: …
Summary A WordPress plugin with more than 900,000 active installations is reported to have a Remote Code Execution (RCE) vulnerability with critical severity.
This vulnerability allows attackers to execute arbitrary code on the target server under certain conditions. Given the large installation scale, the potential for mass exploitation is very high.
Technical Impact A Remote Code Execution (RCE) vulnerability in a WordPress installation is one of the most critical vulnerability categories …
Every 39 seconds, one cyber attack occurs somewhere in the world1. Many internet users still rely on passwords as the only protection for their accounts, even though this is very risky. Therefore passwords alone are not enough and Two Factor Authentication (2FA) can save you from account theft.
Why Passwords Alone Are Not Enough? Passwords are often easy to guess, reused across many sites, or even leaked through phishing attacks and major data breaches such as those that happened at Facebook, …
We live in a digital era where almost all activities are connected to the internet — from shopping, banking, working, to entertainment. But many people are still careless about protecting their personal data and unknowingly open gaps for cyber attacks. This is where cyber hygiene becomes important, which refers to good digital habits to prevent cyber attacks.
What Is Cyber Hygiene? Cyber hygiene is a set of practices or daily routines that help maintain the security of your information and …
In this post you will understand what HTTP is examples of HTTP request and response and how it works behind your browser. This is an important foundation to understand how the web works which will be very useful for web hacking bug bounty and pentesting.
What Is HTTP? HTTP Hypertext Transfer Protocol is the main protocol used to send data between client browser and server web server.
Every time we access a website the browser sends an HTTP request and the server responds with an HTTP response. …
In recent years, ransomware has become one of the most serious threats in the cybersecurity landscape. It no longer targets large enterprises only; cybercriminals now also target SMEs, educational institutions, and even the healthcare sector. The impact can be severe, ranging from operational disruption and loss of critical data to financial losses due to ransom payments.
Readers can see continuously updated ransomware victims on Ransomware Live. From there, we can observe that ransomware …
Overview Web phishing is one of the attack methods most frequently used by attackers. In a phishing attack, the attacker creates a fake website that imitates a legitimate website. This fake website is usually used to steal sensitive information from victims, such as login credentials, credit card information, and others.
A common perception is that phishing websites always use the HTTP protocol. However, is that really the case? Do phishing websites never use the HTTPS protocol?
What Is a Credential Attack? A credential attack or credential-based attack is a hacking attempt to take over someone’s account by stealing a username and password. Usually this is done through techniques like phishing, credential stuffing, and brute force.
Simply put, attackers spy, guess, or try thousands of password combinations to get into your account. After that, they can access all the data inside it, such as email accounts, social media accounts, game accounts, and even banking …
Why Is Validating SPF, DKIM, and DMARC Important? If you have already configured SPF, DKIM, and DMARC in DNS, don’t immediately assume everything is secure. An invalid configuration can cause emails to go into the spam folder or even be rejected by the receiving server. That’s why validation is very important to ensure the configuration you created actually works.
If you are still confused about what SPF, DKIM, and DMARC are, you can read the article Email DNS Security Configuration …
This is actually an old case that went viral last year. While browsing Facebook, I frequently encountered sponsored job advertisements claiming to be from well-known companies — especially in mining, factory, and other blue-collar sectors — such as PT Epson, PT Unilever, PT Indofood, and other major corporations.
These ads direct applicants to register online by filling out personal information such as:
Full name Address Phone number National ID number And other personal details Unfortunately, …
