Secure cloud hosting firm FireHost reveals that in the first quarter of 2013, the volume of Cross-Site Request Forgery (CSRF) attacks increased by 132% compared to the same period of 2012. SQL Injection attacks have also increased in frequency compared to the first quarter of 2012, by 87%.
According to the company... |
23 April 2013 17:01 GMT |
 |
Independent security researcher Abdelmorite Eljoaydi, aka Jigsaw, has reported several web vulnerabilities to Oracle over the past weeks. The company has addressed some of them with the recently released April 2013 Critical Patch Update, but some of them still remain unfixed. The expert has told Softpedia that he ha... |
17 April 2013 10:11 GMT |
 |
Security solutions provider Sophos has addressed several vulnerabilities identified by SEC Consult Vulnerability Lab experts in Sophos Web Appliance. The updated version, 3.7.8.2, was made available to all customers on April 1. According to the advisory published by SEC Consult, the company has identified three vuln... |
5 April 2013 14:21 GMT |
 |
Security researchers from Internet Security Auditors, a firm based in Spain, have identified several web vulnerabilities in LinkedIn. Since LinkedIn has patched the issues, the experts have decided to make their findings public.
The first vulnerability, a Cross-site request forgery (CSRF), was identified in January ... |
27 March 2013 17:41 GMT |
 |
Pakistani security researcher Rafay Baloch has identified several security holes on various websites operated by Nokia. The company has addressed the vulnerabilities and has rewarded the expert’s work with a Nokia Lumia 820 smartphone.
The security holes identified by the researcher include an iFrame injection... |
27 March 2013 08:19 GMT |
 |
Ruby on Rails 3.2.13, 3.1.12 and 2.3.18 have been released and, according to the developer, they contain some important security fixes. The security holes patched in these releases are a symbol denial-of-service (DoS) vulnerability in Active Record, a cross-site scripting (XSS) vulnerability in “sanitize_css... |
20 March 2013 04:41 GMT |
 |
Security expert Junaid Hussain, aka TriCk of TeaMp0isoN, has identified several vulnerabilities on Keek.com, a relatively new social networking service that allows users to upload video status updates via their webcams or the Keek mobile apps. Cross-site scripting (XSS) vulnerabilities have been identified in the Bl... |
9 March 2013 10:11 GMT |
 |
Junaid Hussain – the founder of illSecure.com, or better known as TriCk of the TeaMp0isoN hacktivists group – has identified a cross-site-scripting (XSS) vulnerability in Google Fusion Tables. Google Fusion Tables is an experimental data visualization web application designed to gather, visualize, and sh... |
8 March 2013 07:04 GMT |
 |
Independent security researcher Mirza Burhan Baig of blackbitz.net has identified a DOM-based cross-site scripting (XSS) vulnerability on the “Find Locations” subdomain of Apple’s official website (locate.apple.com). Apple has addressed the issue and officially credited the expert for his fin... |
4 March 2013 15:41 GMT |
 |
Pakistani security researcher Rafay Baloch has identified a couple of vulnerabilities in Avira’s BetaCenter site. The security holes are a directory traversal and a reflected cross-site scripting (XSS) issue. “Directory traversal is an attack which allows an attacker to access restricted directories and ... |
15 February 2013 17:01 GMT |
 |
A few weeks ago, Mega – the new file sharing website launched by Kim Dotcom – announced the start of a vulnerability reward program. In the report released for the first week, the company revealed that a total of 7 security holes have already been identified.
It turns out that no one has discovered class... |
11 February 2013 05:04 GMT |
 |
Independent security researcher David Sopas has identified a reflected cross-site scripting (XSS) vulnerability on eBay’s careers website (ebaycareers.com).
The expert has revealed that the security hole affected the search section of the website, more precisely the field from “Search Openings.”
e... |
8 February 2013 07:10 GMT |
 |
Last week, Bitdefender experts detailed a cybercriminal scheme in which the attackers leveraged a cross-site scripting vulnerability present on the Yahoo! Developer Network Blog to steal user cookies and hijack sessions. Now, Yahoo! claims to have addressed the issues.
The hackers sent out spam emails containing a l... |
4 February 2013 02:58 GMT |
 |
Bitdefender warns users that cybercriminals are trying to hijack their accounts by relying on a cross-site scripting (XSS) type of attack.
It all starts with an email coming from a contact. The message doesn’t say much, except for “check out this page,” followed by a link.
The link appears to le... |
31 January 2013 03:42 GMT |
 |
Secure cloud hosting provider FireHost has released its web application attack statistics for the fourth quarter of 2012. According to the figures, the number of cross-site scripting (XSS) attacks has increased by 160% compared to the previous quarter.
In Q3 of 2012, the company’s servers in the US and Europe ... |
29 January 2013 18:51 GMT |
 |
Security researcher Deepanker Verma has identified a cross-site scripting vulnerability in the main search form of Delish, the popular cooking website operated by Microsoft and Hearst Magazines. The security hole has been fixed.
The expert, who is the founder of the Hacking Tricks website, has told me in an email th... |
23 January 2013 16:11 GMT |
 |
Security researchers from Zscaler have put their Zscaler Application Profiler (ZAP) service to good use and they’ve identified a couple of vulnerabilities in the ESPN ScoreCenter iOS app – an official ESPN Inc. application which allows users to check out live scores, videos, news and alerts.
The first is... |
18 January 2013 05:13 GMT |
 |
On Wednesday, Drupal 7.19 and Drupal 6.28 were released. The security updates have been made available to address a cross-site scripting (XSS) and a couple of access bypass vulnerabilities that affect Drupal core 6.x and 7.x versions.
The reflected XSS vulnerability, which impacts both Drupal 6 and 7, affects certai... |
17 January 2013 04:07 GMT |
 |
Security researcher Rafay Baloch has identified vulnerabilities in the websites of Microsoft and Twilio. He has also discovered a number of flaws in the ProActive content management system (CMS).
Twilio rushed to address the Cross-site request forgery (CSRF) vulnerability identified by the expert.
To demonstrate h... |
16 January 2013 18:31 GMT |
 |
On Monday, we learned that a DOM-based cross-site scripting (XSS) vulnerability that affected Yahoo! could be exploited by cybercriminals to take over accounts. The company rushed to issue a fix for the security hole, but experts have found that the patch is not effective. Security expert Shahin Ramezany, the one wh... |
9 January 2013 07:47 GMT |
 |
Yahoo Mail is apparently vulnerable to an XSS exploit which could leave users with compromised accounts or worse. The cross-site scripting vulnerability is at the DOM level and works in all major browsers, its creator claims. Yahoo is investigating the issue but hasn't said much else on the matter. Regardless... |
7 January 2013 17:31 GMT |
 |
Indian security researcher Deepanker Verma claims to have uncovered cross-site scripting (XSS) and iFrame injection vulnerabilities on the shopping website of AOL.
According to the expert, cybercriminals could leverage these flaws to steal user cookies and hijack sessions.
To demonstrate the fact that iFrames can... |
7 January 2013 04:51 GMT |
 |
The websites of financial institutions are not always as secure as they should be. A perfect example is the public site of Islami Bank Bangladesh – the pioneer of Islamic banking in Bangladesh – which has been found to contain SQL Injection and cross-site scripting (XSS) vulnerabilities. The security ho... |
7 January 2013 04:32 GMT |
 |
Security researcher Rafay Baloch has identified cross-site scripting (XSS) and SQL Injection vulnerabilities on the “With Friends” website of social game developer Zynga, zyngawithfriends.com. Shortly after being notified, the company rushed to address the security holes. “The response and the fi... |
4 January 2013 05:59 GMT |
 |
16-year-old security researcher Thamatam Deepak has identified three cross-site scripting (XSS) vulnerabilities and a cookie handling flaw on the website of world-renowned smartphone manufacturer HTC.
The expert told The Hacker News that the vulnerabilities – which affected pages such as product se... |
28 December 2012 08:46 GMT |
 |
Security researcher Christy Philip Mathew has identified cross-site scripting (XSS) vulnerabilities in cPanel & WHM 11.34, the latest version of the popular web hosting control panel.
Security holes have been found on the Basic cPanel & WHM Setup page, and on a couple of webpages of the X3 theme demo.
Th... |
27 December 2012 10:28 GMT |
 |
ViruS_HimA, the Egyptian hacker who managed to breach the systems of Adobe a few weeks ago, is back. He now claims to have gained access to Yahoo! servers.
The hacker says he has managed to gain full access to one Yahoo domain and 12 of the company’s databases. He also reveals that he has found a reflected cro... |
17 December 2012 03:32 GMT |
 |
According to security researcher Janne Ahlberg, who has thoroughly investigated the latest incident as a result of which thousands of Tumblr blogs have been hijacked, the stored cross-site scripting (XSS) vulnerability that has allowed the hackers to pull off the stunt remains unfixed.
The expert highlights the fact ... |
11 December 2012 09:39 GMT |
 |
Underground hacking forums are flooded with all sorts of zero-day exploits, many of which can be used to attack millions of regular Internet users. A perfect example is the Yahoo! Mail zero-day exploit identified by journalist and security researcher Brian Krebs. According to Krebs, the details of the vulnerability ... |
23 November 2012 04:53 GMT |
 |
Microsoft has fixed a DOM-based cross-site scripting (XSS) vulnerability in the “Learning” section of microsoft.com after being notified by independent security researcher Rafay Baloch. The expert has provided us with a screenshot to demonstrate the existence of the security hole.
“The vulnerabilit... |
9 November 2012 15:11 GMT |
 |
The Joomla Project has released Joomla 3.0.2 and Joomla 2.5.8. Both variants come with a number of improvements, including fixes for security issues.
In Joomla 3.0.2 the developers have added a new feature which allows users to assign articles and article categories from different languages, and the module will disp... |
9 November 2012 08:56 GMT |
 |
Security researchers from Minded Security have identified a document object model (DOM)-based cross-site scripting (XSS) vulnerability on Google.com. The security hole has been identified with the aid of DOMinatorPro - a runtime JavaScript DOM XSS analyzer. According to the researchers, DOMinatorPro revealed a piec... |
8 November 2012 10:40 GMT |
 |
Security researchers from Minded Security have identified a DOM-based cross-site scripting (XSS) vulnerability in the +1 button of the Google Plus social network. The flaw has been discovered with the aid of DOMinatorPro, a clever tool that can be highly useful for finding such bugs in JavaScript web apps.
The vulne... |
5 November 2012 10:02 GMT |
 |
Security researcher Rafay Baloch has identified a persistent cross-site scripting (XSS) vulnerability and an SQL Injection flaw on the official website of ESET Taiwan (eset.tw).
“The search box is vulnerable. Once the user inserts an inverted comma into the box, the alert is executed. This, at first, looked l... |
31 October 2012 15:41 GMT |
 |
FireHost, a company that specializes in secure cloud hosting, has released its web application attack report for the third quarter of 2012. The results are based on the 15 million cyberattacks blocked by the company in the US and Europe during this period. The most prevalent types of attacks – the ones that pos... |
23 October 2012 08:36 GMT |
 |
Security researcher Prashant Uniyal claims to have identified vulnerabilities on the websites of three major Indian mobile operators: state-owned Bharat Sanchar Nigam Limited (BSNL), Tata Communications and Idea Cellular.
The expert contacted the companies to let them know of the existence of the flaws in their we... |
22 October 2012 06:04 GMT |
 |
Security researcher Janne Ahlberg has identified reflected cross-site scripting (XSS) vulnerabilities in four premium WordPress themes: BigBang, AirWP, ZigZag and Convergence.
XSS vulnerabilities are highly common in websites these days. They usually plague websites because developers fail to properly fi... |
16 October 2012 04:36 GMT |
 |
Security researchers have identified a couple of persistent cross-site scripting (XSS) vulnerabilities on TopCoder.com, a community of over 425,000 software developers, digital designers and algorithmists.
Shadab Siddiqui and Anshul Rohira have identified vulnerabilities on a couple of topcoder.com subdomains.
“... |
15 October 2012 15:51 GMT |
 |
Security expert Prakhar Prasad has identified a couple of vulnerabilities on websites owned by Adobe. Although he reported both issues as soon as they were discovered, the company failed to properly coordinate the fixing process.
The first security hole is a cross-site scripting (XSS) vulnerability on the partners.a... |
15 October 2012 05:50 GMT |
 |
Security researchers Anshul Rohira and Shadab Siddiqui have identified a persistent (stored) cross-site scripting (XSS) vulnerability on CodeChef.com, the popular non-commercial programming community. The experts highlight the fact that unlike reflected XSS security holes, persistent ones are far more problematic be... |
9 October 2012 15:01 GMT |
 |
eBay listed security researcher Rafay Baloch in its hall of fame after the expert managed to identify a “very unusual” non-persistent cross-site scripting (XSS) vulnerability.
“There was a WAF/IPS in place which was filtering out the html and JavaScript being embedded into the page. I managed to b... |
28 September 2012 06:53 GMT |
 |
Microsoft addressed cross-site scripting (XSS) and HTML Injection vulnerabilities on its websites after security researcher Rafay Baloch notified the company of their existence.
We have another great example of how a proper acknowledgment program encourages security researchers to practice responsible disclosure, in... |
24 September 2012 03:57 GMT |
 |
Security researcher Prakhar Prasad has identified cross-site scripting vulnerabilities on three subdomains owned by security solutions provider Symantec. Fortunately, the company has addressed the issues before they could be exploited by cybercriminals. The subdomains affected by the flaw were clientui-k... |
15 September 2012 03:27 GMT |
 |
Microsoft has issued two security bulletins as part of its September 2012 Patch Tuesday release. One noteworthy fact is that the company hasn’t released so few bulletins since May 2011.
The first bulletin – rated as Important - addresses a cross-site scripting (XSS) security hole present in Visual ... |
12 September 2012 05:02 GMT |
 |
Experts from the Vulnerability Lab have identified a number of security holes in FortiGate UTM appliances found on the US Army’s 2012 Information Assurance Approved Products List (IA APL). Fortunately, the company has addressed the vulnerabilities to ensure that their customers are protected.
The first flaws ... |
11 September 2012 08:26 GMT |
 |
The stable channel of Google Chrome for Windows, Mac and Linux has been updated to 21.0.1180.89. Besides some important bug fixes, the update also comes with eight security improvements.
The three high-severity vulnerabilities addressed by this update have been identified by miaubiz, Nicholas Gregoire, a... |
31 August 2012 06:50 GMT |
 |
Gourab Paul, a cyber-security enthusiast, claims to have identified a number of serious security holes in the websites designed by TechShot Digital for a number of professional cricket players from India. He accuses the company of neglecting to properly secure the sites. “As we know our India is very much pass... |
22 August 2012 03:58 GMT |
 |
After trying to get Tesco to fix the security holes that could expose its online shoppers, software architect and Microsoft MVP Troy Hunt has made a video to demonstrate the risks that hide behind the classic cross-site scripting (XSS) vulnerabilities.
The video and the blog post in which the expert explains everyth... |
20 August 2012 16:31 GMT |
 |
Researchers from the Vulnerability Lab have identified a couple of security holes in SonicWALL Email Security 7.3.5.6379. The company was notified of the existence of the flaw back in May, but since it failed to respond within the 90-day period, the security firm has decided to publicly reveal the existence of the is... |
14 August 2012 04:39 GMT |
 |
Besides delivering stability improvements, the freshly launched Opera 12.01 also plugs a few security holes, including a critical one that allowed certain URL constructs to trigger arbitrary code execution.
Some page address constructs would cause Opera to allocate the wrong amount of memory for storing the ... |
2 August 2012 07:31 GMT |
 |