|
Home > News > Tags > code injection
|
|
30
Stories about: code injection |
|
|
Skype disputes the severity of a new cross-site scripting vulnerability identified in its VoIP client and claims that it cannot be used to do more than change the appearance of text.The vulnerability was discovered by an Armenian security researcher named Levent Kayan, aka noptrix, who recently identified similar fla... |
23 August 2011
09:57 GMT |
 |
|
Researchers from web security vendor Armorize have detected a new mass injection attack that affected over 22,000 websites so far and directs users to drive-by download exploits.The researchers were able to determine the number of affected domains because the attackers originally forgot a script tag, rendering their ... |
17 August 2011
14:47 GMT |
|
|
Security researchers warn that the number of attacks exploiting a flaw in a popular WordPress script continues to increase and started leading to malware.Timthumb is an image manipulation script incorporated by default in many popular WordPress themes. This means that even if it's not a part of the platform'... |
16 August 2011
12:23 GMT |
|
|
The website of the Super Glue Corporation, maker of the original Super Glue adhesive product, was infected with malicious code that directed visitors to malware.The infection was picked up by avast! Antivirus installations and alerted the security vendor's researchers who set out to investigate."The infection wa... |
12 August 2011
12:58 GMT |
|
|
Malicious code that led to a powerful exploit kit was injected into a compromised USPS.gov website in order to infect visitors with malware.The infection was spotted by cloud security provider Zscaler on the United States Postal Service's Rapid Information Bulletin Board System (RIBBS) website, ribbs.usps.gov. T... |
8 April 2011
06:40 GMT |
|
|
The Tunisian government is suspected of injecting password stealing JavaScript code into the login pages of popular websites via its Internet agency that controls the entire country's Internet gateways.According to reports from Internet users in Tunisia, a country engulfed in violent street riots recently, the l... |
5 January 2011
13:20 GMT |
|
|
Security researchers have observed new attacks using compromised websites to create rogue online stores that sell counterfeit software and are promoted in Google.Compromised websites are a common component in many attacks, but are generally used as doorways to drive-by downloads, scareware pages or spam sites.Users l... |
14 December 2010
11:50 GMT |
|
|
TechCrunch's 2009 Crunchies award website is currently blacklisted by Google for trying to install malicious software on visitors' computers, but there is reason to believe that the infection was more extensive.TechCrunch is one of the most popular technology blogs and over time has evolved into a network o... |
30 September 2010
04:17 GMT |
|
|
Security researchers warn that a new wave of websites hosted at RackSpace have fallen victim to a mass injection attack, which generates unique infections.The affected websites are WordPress-based blogs or sites hosted on accounts where WordPress is also present.This suggests that the attack vector might be a common ... |
20 September 2010
03:01 GMT |
|
|
Researchers from Sucuri Security, a company running a web integrity monitoring service, warn that a number of websites hosted at Go Daddy have had malicious code injected into their pages.All infected sites had base64-encoded JavaScript added to all of their PHP files. The rogue scripting decodes to a <script&#x... |
18 September 2010
09:49 GMT |
|
|
Several websites from the TechCrunch Network, including TechCrunch Europe, MobileCrunch and CrunchGear fell victim to a code injection attack, which served malware to visitors.Founded in 2005, TechCrunch is one of the most popular technology blogs on the Internet. Since then it has evolved into a network or websites... |
7 September 2010
05:41 GMT |
|
|
Media Temple customers were hit by a new wave of mass injections, in what starts to look like a weekly occurrence, despite the hosting provider working very hard to clean affected websites and secure them.According to Denis Sinegubko, the creator of the Unmask Parasites online website scanner, which can detect if Web... |
16 August 2010
04:04 GMT |
|
|
Malware researchers from AVAST Software have come across an older digitally signed Norton Antivirus component, which despite having been infected by a known virus is not detected by most anti-malware programs.The AVAST analysts suspected a false positive when a file carrying a valid Symantec digital signature trigger... |
13 August 2010
09:15 GMT |
|
|
A new mass injection tries pass the rogue code added to compromised websites as the Google Analytics script. The attack is actually part of a malicious campaign to distribute a new piece of scareware that has a very low detection rate.The compromises are likely the result of SQL injection vulnerabilities in mostly AS... |
9 August 2010
13:08 GMT |
|
|
Security researchers warn that a new mass injection attack affecting websites hosted at Rackspace and Media Temple. The compromises result in rogue JavaScript code being added to legit .js files used by the affected websites.The new attack was reported by Denis Sinegubko, the creator of the Unmask Parasites website s... |
9 August 2010
04:42 GMT |
|
|
Security researchers from Websense warn that over one hundred websites hosted at Media Temple (mt) have been injected with rogue code that lead visitors to a potent Web exploitation kit. The toolkit targets a dozen vulnerabilities in older versions of Flash Player, Adobe Reader, Internet Explorer or Java Runtime.The ... |
6 August 2010
10:12 GMT |
|
|
Security researchers warn that multiple osCommerce websites have been compromised during the last few days. The rogue code injected into their pages attempts to infect visitors with malware served from an external domain.The compromises have been detected by Sucuri Security, a company selling Website integrity monito... |
6 July 2010
08:48 GMT |
|
|
YouTube was plagued by a serious cross-site scripting vulnerability over the weekend. Until Google moved in to pattch it, the bug was abused by unnamed attackers to poison the comments on multiple videos.Rumors of viruses being spread through YouTube started sometime on Sunday, and the news quickly took off on Twitte... |
5 July 2010
03:58 GMT |
|
|
AVAST Software reports that Vodafone's UK website has been infected with malicious scripts, which attempted to exploit their visitors. The attacked targeted the still unpatched remote code execution vulnerability in the Windows XP Help Center. According to the antivirus vendor, the malicious code injected b... |
2 July 2010
11:05 GMT |
|
|
Hundreds of WordPress blogs hosted on shared servers were compromised over the weekend and had malicious code injected into their pages. A detailed analysis of the affected sites uncovered instructions to hide the attack from Google's web crawler.The obfuscated JavaScript code injected into the footer.php script... |
10 May 2010
12:05 GMT |
|
|
Security researchers warn that a significant number of WordPress websites have been compromised recently as part of what looks to be a money-generating affiliate scheme. The header.php template files are being injected with obfuscated JavaScript code. "Late last week, I noticed something of a surge in reports of a p... |
4 February 2010
11:42 GMT |
|
|
Security researchers warn that the Fox Sports website has been compromised by unknown attackers, who injected malicious code into a custom error page. There are two separate offensive script tags, each of them created by a different infection.The page was detected by the ThreatSeeker Network system developed and oper... |
30 December 2009
10:04 GMT |
|
|
Security researchers warn that a recently published exploit for a vulnerability in Webalizer might be used to inject malicious code into tens of thousands of legitimate websites. The compromised URLs are redirecting to other websites serving malware and attempting to exploit unwary visitors.The Threat Prevention Team... |
25 August 2009
04:32 GMT |
|
|
Researchers from Internet security vendor Websense warn of a new wave of web attacks that has resulted in 40,000 websites being compromised. The new threat injects malicious obfuscated JavaScript code, which subsequently loads and attempts to execute numerous exploits from a third-party server. According to the comp... |
3 June 2009
06:25 GMT |
|
|
Security researchers warn that the currently most widespread web threat, technically known as JSRedir-R, but generally called Gumblar, has morphed in order to resist take-down attempts. The new iteration of this exploit features a new domain name and more complex obfuscation. Gumblar is a complex web exploit. Report... |
20 May 2009
08:13 GMT |
|
|
Malware analysts from security vendor Sophos warn that the number of pages infected with the Gumblar malcious script has recently sky-rocketed, putting the exploit at the top of the list of Web threats. The impact of the previous record setter Mal/Iframe-F now dwarfs in comparison. According to Sophos, Troj/JSRedir-... |
15 May 2009
05:17 GMT |
|
|
Malware researchers from security vendor Prevx have come across a new Mebroot version, which they claim to be, by far, the most sophisticated rootkit out in the wild today. The threat is completely memory-resident, does a very good job at avoiding detection and has already infected thousands of people. The original ... |
16 April 2009
04:27 GMT |
|
|
ScanSafe, a global provider of SaaS Web security, has announced that the official website of multiple Grammy Award-winning artist Paul McCartney has been compromised by hackers. The cybercrooks injected a malicious hidden IFrame into the pages, which was serving multiple exploits. The incident took place shortly bef... |
9 April 2009
08:59 GMT |
|
|
A self-proclaimed ethical hacker has disclosed multiple bugs affecting the eBay UK website. On their own, or combined, these flaws can facilitate different attacks such as phishing, session cookie hijacking or expose secure information. Screenshots of several proof-of-concept attacks against ebay.co.uk have been pub... |
4 April 2009
04:38 GMT |
|
|
Kaspersky Labs' website security comes under scrutiny again by vulnerability hunters, after a SQL injection vulnerability has been recently found. An ethical hacker has disclosed that three different pages from the German section of the Kaspersky website are vulnerable to cross-site scripting attacks. A hacker ... |
23 February 2009
05:28 GMT |
|
|
The website of the Embajada de la India en España has been compromised by attackers who injected malware serving code into its pages, warn security researchers. The malicious application served contains a rootkit component, which attaches itself to the svchost.exe process. Initially reported by Ismael Valenzu... |
30 January 2009
06:07 GMT |
|
|
Identity thieves hacked the website of the Hilton business empire heiress, Paris Hilton, and used it to distribute a financial information-stealing Trojan. The visitors of the website were prompted with a malware pushing dialog box masquerading as an update. High profile websites are always a target for identity thie... |
14 January 2009
04:34 GMT |
|
|
The XSSed project made public four different cross-site scripting vulnerabilities discovered by individual security researchers. The flaws affect the developers, applications, user registration, and iPhone login pages. The XSSed project is an important source of information regarding cross-site scripting (XSS) attac... |
16 December 2008
06:42 GMT |
|
|
|
|
Find us on Google+
