Samsung Patches CSRF Issues That Could Allow Hackers to Take Over User Accounts

The researcher who found the bugs got a $13,300 bounty

phpMyAdmin Fixes Severe Local File Inclusion Vulnerability

XSRF/CSRF and XSS security issues also patched

Novidade Exploit Kit Actively Targeting SOHO and Home Routers

Malware campaign uses CSRF to change routers' DNS settings

Fixed Facebook Privacy Bug Could Have Allowed Bad Actors to Steal Personal Info

Security issue resided in iframe used for internal tracking

Security Bug Lets Hackers Steal Monero, Today's 2nd Most Popular Cryptocurrency

Despite fix, many Monero wallets remain vulnerable

Vulnerability in Yandex Browser Allows Attackers to Steal Victims' Browsing Data

Vulnerability is easy to exploit, hard to spot

XSS and CSRF Bugs in Steam Dev Panel Let Anyone Be a Valve Admin

Valve admins had better watch their cookies!

Infographic: How CSRF Attacks Work

CSRF is more dangerous than many people think

  • Security
  • By Catalin Cimpanu
  • February 28th, 2016

One in Ten Top Internet Sites May Be Vulnerable to CSRF and XSS Attacks

CloudFlare researchers find that 10% of Alexa Top 1 Million sites use improper CORS security settings

  • Security
  • By Catalin Cimpanu
  • February 27th, 2016

The Most Common Vulnerabilities in Open Source Web Applications Are XSS and SQLi

Remote and Local File Inclusion vulnerabilities ranked third

  • Security
  • By Catalin Cimpanu
  • January 19th, 2016

ASDA Supermarket Exposed Customer Details for Almost Two Years

Supermarket chain takes forever to fix XSS and CSRF bugs

  • Security
  • By Catalin Cimpanu
  • January 14th, 2016

Infographic: The Five Stages of a Web Attack

An intro to the five stages of a Web attack

  • Security
  • By Catalin Cimpanu
  • January 11th, 2016

CSRF Bug in Verizon's API Left My FiOS Accounts Open to Attacks

API used a simple authentication scheme, exposing users to CSRF attacks that allowed third parties to hijack accounts

Spring Social Library Grants Attackers Access to Your Private Accounts

CSRF attack caused by anti-CSRF protection system

Huawei 3G Router Goes Unnoticed All These Years Sporting XSS, CSRF, and DoS Bugs

Huawei's B260A 3G router was a complete mess

Insecure Flash Cross-Domain Policies Expose Users to Abuse on One in Ten Websites

968 websites in the Alexa top 10,000 are vulnerable

  • Security
  • By Catalin Cimpanu
  • September 22nd, 2015

Western Digital My Cloud Devices Can Be Hacked by Local or Remote Attackers

Security researchers find CSRF and code injection flaws
