Vulnerability in PostBus Public Transport Platform

PostBus, a subsidiary of ÖBB-Personenverkehrs AG, has fixed a serious data exposure vulnerability in one of its online Swiss public transport platforms. ZTF cybersecurity researchers Sven Faßbender, Martin Tschirsich, and Dr André Zilch conducted a penetration test on the platform and found that it was vulnerable to attack.

Read more

Billing Software App: SQL Injection Flaw

Cybercriminals are exploiting a vulnerability in BillQuick, the popular billing software. They are making it so that ransomware is spread. Security researchers at Huntress warn about this. BQE Software’s BillQuick Web Suite versions earlier than has an SQL injection that gives rise to a more serious remote code execution (RCE) risk. The CVE-2021-42258 vulnerability … Read more

Three Malicious Packages after More than 10,000 Downloads Are Removed by PyPI Admins

The Python Package Index (PyPI) has removed thousands of packages that are dangerous. These packages tricked people by using the name of other packages, but they were really malware-deploying and data-stealing. Two packages in this group of three malicious packages included their source code URL as an existing popular library. This made it look like … Read more