Tag Archives: Vulnerabilities

Host cell CRISPR genomics and modelling reveal shared metabolic vulnerabilities in the intracellular development of Plasmodium falciparum and related hemoparasites

Hepatocyte specific model

Starting with the thermodynamically curated human genome-scale Recon 3D [30,31], we reconstructed a hepatocyte metabolic model by taking into account the physiology of hepatocytes and the genes expressed in liver cells. Towards this end, we defined the physiology of hepatocytes by integrating in the human Recon3D model publicly available fluxomics data for 92 boundary reactions [28] and metabolomics data for 213 metabolites [29] from previous hepatocyte model reconstructions. Additionally, we set the growth rate of the hepatocyte to a maximum of 0.014 h⁻¹, corresponding to a doubling time of 49.5 h [49], and the ATP maintenance rate to at least 1.07 mmol/gDW/h [50]. The Human Protein Atlas (www.proteinatlas.org) [27] was used to identify 1853 metabolic genes present in…



Look out for fake emails about WordPress vulnerabilities

Today a customer did the right thing and forwarded a strange email to us to check whether it was genuine. It was not, and thanks to that, they avoided an attempted phishing attack.

The email was made to look as if it was sent by WordPress, saying that a security risk (a so-called “Remote Code Execution (RCE) high-risk vulnerability”) required a new patch, CVE-2024-41688. The “Download” link leads to a fake website which harvests user information.

If you have received an email with these details, ignore it and block the sender:

Sender: no-reply@delivermail-wordpress.org or noreply@help-wordpress.org
Subject: CRITICAL: Your website <example.com> is at risk!
Recommended WordPress patch: CVE-2024-46188 (which is a fake code – this patch does not exist)

More about WordPress…



Bug or Feature? Hidden Web Application Vulnerabilities Uncovered

Web Application Vulnerabilities

Web Application Security consists of a myriad of security controls that ensure that a web application:

  1. Functions as expected.
  2. Cannot be exploited to operate out of bounds.
  3. Cannot initiate operations that it is not supposed to do.

Web applications have become ubiquitous since the expansion of Web 2.0, with social media platforms, e-commerce websites, and email clients saturating the internet in recent years.

As the applications consume and store even more sensitive and comprehensive data, they become an ever more appealing target for attackers.

Common Attack Methods

The three most common vulnerabilities that exist in this space are Injections (SQL, Remote Code), Cryptographic Failures (previously sensitive data exposure), and Broken Access Control (BAC). Today, we will…



Numerous Vulnerabilities Spotted In cPanel & WHM Web Hosting Platform

Some serious security vulnerabilities exist in the web hosting platform cPanel & WHM, allowing for remote attacks. Some of the bugs actually exist because of an intended feature and hence remain unfixed.

cPanel & WHM Vulnerabilities

Researchers from the UK-based cybersecurity firm Fortbridge have found numerous security issues in the popular web hosting platform.

In a recent blog post, Adrian Tiron, Cloud AppSec Consultant at Fortbridge, explained that exploiting the vulnerabilities allows remote code execution attacks on cPanel & WHM.

Briefly, the researchers spotted the bugs during a black-box pentest of cPanel/WHM, which supports entire server administration.

One of the bugs is an XML External Entity (XXE) issue that existed in the reseller account the researchers tested. This issue…

