The Nepali Email Dump and Its Implications

Last Saturday, June 29, 2019, a group calling themselves Black Hawk Caphilates released a list of 37,122 email addresses, supposedly belonging to Nepali people and claimed it to be the largest email leak in Nepal’s…

Safety guidelines for government issued email

Nepal Government, in a surprising move, has made provisions for all government employees to be issued official email address (of the form *@mail.nepal.gov.np) and has mandated its compulsory use for all government offices and employees….

Ensuring Secure Online Presence

The recent scandal of Facebook’s user data being harvested for use for election manipulation by Cambridge Analytica has brought the issue of data security to wider public discussion. Our private data entrusted to an entity…

Threat Report 2017, Nepal – TL;DR

Threat Report 2017 is a comprehensive report that has analysed the security of Nepali cyberspace. It compiles all the major cybersecurity incidents that occured in the last year within Nepal and all the major issues…

MS Edge – HTTP Access Control (CORS) Bypass

This is a short post about a vulnerability that Prakash Sharma from our web app pentesting team, found in Microsoft Edge. TL;DR Edge failed to recognize HTTP Authentication information (i.e. Authorization Header) as credential information…