Adobe released the 11.6.4.634 variant of Shockwave Player to patch nine security holes that were identified in the previous versions of the product, for both Windows and Mac operating systems.
If exploited, the vulnerabilities could allow an attacker to execute malicious code on the affected system, whic... |
14 February 2012 10:55 GMT |
 |
Members of TeamHav0k identified another series of cross-site scripting (XSS) vulnerabilities in high-profile websites, including Oracle.com, FCC.gov and NFL.com.
While in the case of Federal Communications Commission (FCC) and National Football League (NFL) the security holes were present on subdomains, in the case ... |
13 February 2012 15:41 GMT |
 |
This week’s episode of Hackers around the world features the first white hat hacker to take part in our series. Up until now, we’ve only talked to black hats and gray hats, so we’ve decided to take a look at what a white hat has to say about vulnerabilities, hacktivist movements and life in general.
Ucha... |
11 February 2012 10:51 GMT |
 |
As part of Operation Return, TeamHav0k hackers revisited some of the vulnerabilities they found last year in government and university websites. Fortunately, the university websites appreciated the findings and patched up all the flaws, but government website administrators weren’t so eager to address the secur... |
11 February 2012 06:50 GMT |
 |
The open-source forum script’s developers released the MyBB 1.6.6 security update for the 1.6 series to address one major and fourteen low risk issues that may have exposed their customers. A non-critical security hole that was resolved refers to the ability to import a non-CSS stylesheet. Prior to this update... |
10 February 2012 03:35 GMT |
 |
Hackers from TeamHav0k return with other cross-site scripting (XSS) vulnerabilities that they found in some major sites. This time the XSS flaws were identified on subdomains of the websites owned by the US Department of Defense, Tricare, the site of the health organization especially purposed for uniformed service m... |
7 February 2012 09:32 GMT |
 |
Ucha Gobejishvili, the Vulnerability Lab researcher also known as Longrifle0x, identified a number of space agency websites that contain cross-site scripting (XSS) vulnerabilities and publicly disclosed the information. He discovered multiple flaws on subdomains owned by the National Aeronautics and Space Administra... |
7 February 2012 04:28 GMT |
 |
Sebastian Lodtke, a researcher from the Vulnerability Lab, identified a cross-site scripting (XSS) vulnerability in the public website of the American video game developer, marketer, and publisher Electronic Arts (EA). The non-persistent security hole could have allowed a remote attacker to hijack customer sessions ... |
7 February 2012 03:55 GMT |
 |
After being silent for more than a week, members of TeamHav0k came forward with another cross-site scripting (XSS) vulnerability found in a high-profile website. This time it’s the site of the National Aeronautics and Space Administration (NASA), more precisely the subdomain dedicated to the Kennedy Space Cente... |
4 February 2012 04:37 GMT |
 |
Security researcher Ucha Gobejishvili, also known as longrifle0x, found cross-site scripting (XSS) vulnerabilities in another series of important websites, including java.com, developers.sun.com, java.sun.com, and nero.com.
The expert’s findings were submitted to XSSed, a site that provides information on XSS ... |
1 February 2012 10:23 GMT |
 |
Researchers from the Vulnerability Laboratory have found that two other important public websites are vulnerable to remote attacks. This time, the sites belonging to the Federal Aviation Administration (FAA) and Oracle Solutions were identified as containing security flaws. Ucha Gobejishvili, also known as longrifl... |
28 January 2012 03:59 GMT |
 |
The Apple online store is down worldwide — reason enough to get excited and write a story about it, as usual. But it appears security is the culprit this time around, not new product announcements. Some Macs are due for a refresh (some, like the Mac Pro, are actually overdue), and we also shouldn’t bet a... |
27 January 2012 03:45 GMT |
 |
A researcher from the Vulnerability Laboratory came across a cross-site scripting (XSS) vulnerability in the Google Apps webpage, hosted on the google.com domain, but also in other popular websites. Ucha Gobejishvili, also known as longrifle0x, found the flaw in Google Apps and reported it to Google. Even though th... |
27 January 2012 03:05 GMT |
 |
After revealing yesterday that many high-profile websites contained major cross-site scripting (XSS) vulnerabilities, hackers from TeamHav0k stepped it up a notch and initiated OP XSS 2.0 to show that even websites hosted on government (.gov) and education (.edu) domains are highly vulnerable. In OP XSS 2.0, the... |
24 January 2012 03:19 GMT |
 |
A relatively new hacking collective, TeamHav0k, launched an operation called “#OP XSS” in which they try to find cross-site scripting (XSS) vulnerabilities in major websites. The first results of the operation came in and it turns out that a lot of important sites contain the flaw the hackers were looking... |
23 January 2012 03:09 GMT |
 |
A flaw currently present in Internet Explorer (IE) could be exploited by hackers and used to launch cross-site scripting (XSS) attacks, due to the way double quotes (“) are encoded by the web browser. IMPERVA researchers found the vulnerability and contacted Microsoft, but the Redmond company doesn’t se... |
20 January 2012 11:07 GMT |
 |
Giorgio Maone has recently released a new version for his Firefox add-on, NoScript. The new build is 2.2.6 and it was launched with only one release candidate paving its path.
There aren’t too many changes since the release of the previous version, which had no less than three release candidates to solve vario... |
13 January 2012 08:01 GMT |
 |
A couple of Indian security researchers, Aditya Modha and Samir Shah, found an easy-to-exploit cross-site scripting (XSS) weakness that affected all WordPress 3.3 websites, but version 3.3.1 was quickly released to fix the issue. The researchers showed that by posting a comment on a targeted site using a special scr... |
4 January 2012 02:38 GMT |
 |
Indian security researchers Aditya Modha and Samir Shah found a zero-day cross-site scripting (XSS) vulnerability in the recently released WordPress 3.3.
Modha and Shah tested the proof of concept on an Apache server, proving that by simply posting a comment on a WordPress website, an attacker can execute arbitrary ... |
3 January 2012 08:14 GMT |
 |
The official websites belonging to the Central Intelligence Agency (CIA) and the National Aeronautics and Space Administration (NASA) were found to contain serious cross-site scripting flaws by a hacker called D35M0nd142.
“First of all, this attack did not have any purpose or malicious damage. I just wanted to... |
28 December 2011 10:27 GMT |
 |
Multiple reflective cross-site scripting (XSS) vulnerabilities were found in the 3.1.5 version of Fork CMS, the open-source PHP and MySQL content management system.
The flaws, tested on Windows XP and Windows Vista using Internet Explorer 9, were present in both the front end and the administrator panel.
In the 3.1... |
21 December 2011 04:31 GMT |
 |
It seems that for some, a serious hacking operation is not enough to make them learn about the importance of a secured website. Having fallen victim not long ago to a data breach that left many of its customers exposed, Comodo proves that it learned very little from the incident. Team Elite di... |
19 December 2011 08:05 GMT |
 |
We’re presented with another situation in which security solutions providers fail to protect their public assets, leaving them vulnerable to cyberattacks. The official site of Norman (norman.com), a proactive content security solutions and forensics malware tools provider, and the Polish variant of Avast’... |
19 December 2011 05:13 GMT |
 |
Team Elite has published a proof of concept to show a cross-site scripting (XSS) and an iframe injection flaw in Kaspersky’s Polish product store (softbuy.pl/kaspersky/store). It seems that the product purchase page contains some weaknesses which could allow a hacker to execute arbitrary code. It’s... |
18 December 2011 10:46 GMT |
 |
Some serious vulnerabilities that could have allowed an attacker to launch a cross-site scripting (XSS) attack on Adobe’s ColdFusion customers were patched up with the latest hotfix.
Shawn Gorrell and Howard Fore of the Federal Reserve Bank of Atlanta, and Oren Hafif from Hacktics ASC, Ernst & Young were the o... |
14 December 2011 09:54 GMT |
 |
A hacker called Vansh Sharma claims he found a cross-site scripting (XSS) vulnerability in Google Code’s Code Playground, the section of Google Code where users can test their programming skills.
The Hacker News published a proof of concept that can be tried out by anyone. Just go to http://code.google.com/api... |
8 December 2011 02:40 GMT |
 |
A security researcher showed that the use of HTML, CSS and JavaScript in the development of a mobile application, after the operating system’s web browser has been embedded, can make the resulting apps vulnerable to cross-site scripting attacks. According to H-Secure, Kyle Osborn presented his findings on this... |
7 December 2011 10:07 GMT |
 |
Adobe discovered a critical vulnerability in Flex SDK 4.5.1 and earlier versions for all the major platforms which permitted an attacker to launch a cross-site scripting attack and as a result, they launched an update. “An important vulnerability has been identified in the Adobe Flex SDK 4.5.1 and earlier 4.x ve... |
1 December 2011 11:03 GMT |
 |
Team Elite probed a lot of ministry websites around the world and, besides the one that belonged to the Information and Communications Ministry of Nepal, they found that the site owned by the Federal Ministry of Information & Communications of Nigeria also presents flaws that could allow an attacker to inject a malic... |
28 November 2011 13:21 GMT |
 |
The product checkout page of ArcaBit’s Polish website presented vulnerabilities that could have allowed a hacker to execute maliciously crafted arbitrary code.
Team Elite reports that two years ago the website had the same weaknesses, but after a redesign process, the site became once again vulnerable to cro... |
28 November 2011 08:46 GMT |
 |
The official website belonging to the Information and Communications Ministry of Nepal was found to contain two major vulnerabilities that could allow a hacker to run a piece of arbitrary code. Team Elite, the ones that discovered the cross-site scripting and iframe injection flaws, already notified the inst... |
28 November 2011 02:54 GMT |
 |
phpMyAdmin, the popular tool written in PHP intended to handle the administration of MySQL databases, has just reached version 3.4.8 RC1. PhpMyAdmin 3.4.8 RC1 is the first release candidate in the new series and it's mainly a bugfix release with minor security corrections. Among the bugs fixed in phpMyAdmin ... |
25 November 2011 04:49 GMT |
 |
phpMyAdmin, the popular tool written in PHP intended to handle the administration of MySQL databases, has just reached version 3.4.6. The developers of phpMyAdmin have stated that this is only a bugfix and minor security release. Nonetheless, users should upgrade to the latest version as there are quite a few changes... |
17 October 2011 10:59 GMT |
 |
The phpMyAdmin developers have released versions 3.4.4 and 3.3.10.4 of the web-based database management tool in order to address several cross-site scripting (XSS) vulnerabilities. The flaws are all covered in the same advisory because they are located in the same component which handles the tracking feature. They ste... |
26 August 2011 12:49 GMT |
 |
The WordPress development team has released version 3.1.1 of the blog publishing platform in order to address multiple stability and security issues. In total, the new WordPress 3.1.1 fixes almost thirty bugs including three vulnerabilities discovered by core developers Jon Cave and Peter Westwood. One flaw was located... |
6 April 2011 05:23 GMT |
 |
WordPress 3.0.4 has been released as a critical security update for the popular blogging platform to address several cross-site scripting issues. WordPress developers recommend deploying the update as soon as possible, because the weaknesses are located in a core component. "I would rate this release as 'critical... |
30 December 2010 02:48 GMT |
 |
The latest version of SharePoint Server, released concomitantly with Office 2010 RTM, does not contain the vulnerable code of a zero-day security flaw in SharePoint Server 2007 and Windows SharePoint Services 3.0. Microsoft is hard at work investigating reports of a previously undisclosed SharePoint vulnerability tha... |
30 April 2010 07:26 GMT |
 |
Microsoft plans to release an update to the Internet Explorer 8 XSS Filter that will further bulletproof the browser against attacks. The Redmond company already took measures to address an issue impacting the XSS Filter. In this regard, the January security update to Internet Explorer (MS10-002) was designed to res... |
20 April 2010 07:43 GMT |
 |
Preview builds of Firefox 3.7 are now available for download, offering the first fruits of Mozilla’s efforts to bulletproof systems against cross-site scripting related attacks. At the end of the past month, Brandon Sterne, Mozilla security program manager, revealed that the work necessary to turn the Content S... |
5 October 2009 10:07 GMT |
 |
US-based security researcher and open-source developer Brian Mastenbrook announced on his blog that, for the last month, he worked together with security experts at RubyOnRails to repair an XSS vulnerability in its framework. On that same framework, Internet giants like Twitter, Basecamp, Highrise, Backpack, and Camp... |
4 September 2009 05:47 GMT |
 |
Adobe Inc. published on the 17th of August 2009 several security fixes for the ColdFusion web design and development platform and also for the web servlet engine JRun. The updates were labeled as critical and resolved several cross-site scripting vulnerabilities that could have compromised and exposed account informa... |
18 August 2009 06:32 GMT |
 |
The greyhats at Team Elite, who were recently falsely blamed for hacking the MI5 website to steal the personal information of visitors, targeted the newspapers that denigrated them. Members of the outfit responded to the slanderous articles by revealing XSS weaknesses in the websites of The Daily Express and The Tele... |
1 August 2009 04:48 GMT |
 |
The hackers' assault on security vendors' websites continues with ESET, developer of the popular NOD32 antivirus solution. Multiple websites controlled by the company are vulnerable to cross-site scripting and SQL injection. A hacker calling himself Methodman has published proof-of-concept attacks against ... |
28 February 2009 06:31 GMT |
 |
Security vendor Kaspersky Labs warns that between 2,000 and 10,000 American and Western European web pages have been hacked in a two-day interval. The cybercriminals responsible for the attack have not been identified yet, but the details of the incident are highly similar to an attack that took place last spring and... |
10 November 2008 05:46 GMT |
 |
Netcraft, a British company that offers Internet and security services, announced that a phishing attack was compromising Yahoo accounts. According to the company, the attack was using obfuscated JavaScript code injected in the hotjobs.yahoo.com website in order to gather authentication cookies from users accessing t... |
28 October 2008 05:54 GMT |
 |
As bulletproofed as Internet Explorer 8 will be by default against XSS vulnerabilities, the fact of the matter is that the browser alone will not be able to guarantee the security of end users when it comes down to exploits and attacks using the most widespread type of security holes in web-based applications... |
2 September 2008 05:45 GMT |
 |
A detailed XSS filter architecture and implementation article has been published on the Security Vulnerability Research & Defense blog. The main goal of the XSS filter integrated in IE8 is to prevent exploitation of cross-site scripting vulnerabilities without breaking the web. Cross-site scripting (XSS) is a type of ... |
21 August 2008 06:08 GMT |
 |
An Australian site has been "hacked" by a computer geek. Nothing bad actually happened, but a lot of people started thinking that the web page had been defaced, as it showed a rather political statement. It said that John Howard liked to suck blood in one case, and d*** in another. This is really funny! Some people ... |
11 October 2007 05:20 GMT |
 |
Many sites are hackable and malicious users don't sit on their butts - they're always looking for something more than they can exploit. A lot of web pages are vulnerable to cross-site scripting and CSS or XSS, whatever you like to call it, is pretty dangerous. Now, what can you do when you upload a site? We... |
4 September 2007 08:50 GMT |
 |