HackDig : Dig high-quality web security articles for hackers

Lock and Code S1Ep18: Finding consumer value in Cybersecurity Awareness Month with Jamie Court

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Jamie Court, president of the non-profit advocacy group Consumer Watchdog, about the consumer value in Cybersecurity Awareness Month. Launched initially as a joint effort between government and industry, this once
Publish At:2020-10-26 12:05 | Read:225 | Comments:0 | Tags:Podcast brute force attacks consumer cybersecurity consumer

XSS to TSS: tech support scam campaign abuses cross-site scripting vulnerability

Tech support browser lockers continue to be one of the most common web threats. Not only are they a problem for end users who might end up on the phone with scammers defrauding them of hundreds of dollars, they’ve also caused quite the headache for browser vendors to fix. Browser lockers are only one element of a bigger plan to redirect traffic from
Publish At:2020-10-21 18:59 | Read:238 | Comments:0 | Tags:Cybercrime Social engineering cross-site scripting tech supp

XSS plugin vulnerabilities plague WordPress users

By Danny Bradbury. Thousands of active WordPress plugins have been hit with a swathe of cross-site scripting (XSS) vulnerabilities that could give attackers complete control of sites. One of the affected plugins was designed to work with the popular WordPress ecommerce system WooCommerce. Researchers at NinTechNet found a vulnerability in the WordPress Flexible
Publish At:2020-03-03 08:07 | Read:1025 | Comments:0 | Tags:Security threats Vulnerability Async cross-site scripting Fl

Cookie-nabbing app could have served users side helping of XSS

By Danny Bradbury. A popular GDPR compliance WordPress plugin vendor has patched a flaw that rendered both site visitors and admins vulnerable to cookie-stealing cross-site scripting (XSS) attacks. The GDPR Cookie Consent plugin, created by WebToffee, claims over 700,000 users. The plug-in is a notification app that begs you to accept cookies when you first visi
Publish At:2020-02-15 12:43 | Read:906 | Comments:0 | Tags:Security threats Cookie consent cookies cross-site scripting

BT Wi-Fi extender, extends to XSS and password changing vulnerabilities

Following an investigation by Pen Test Partners, British Telecom (BT) has released a firmware upgrade for their popular range of Wi-Fi extenders. The investigation uncovered vulnerabilities within the firmware which left the device exposed to possible XSS (cross-site scripting) exploits as well as the ability to change the user’s password without notification
Publish At:2016-09-22 21:20 | Read:5405 | Comments:0 | Tags:Breaking News Hacking BT Cross-Site Scripting networking Wi-

Flaws in BMW ConnectedDrive Infotainment System allow remote hack

A researcher discovered two zero-day vulnerabilities residing in the official BMW web domain and ConnectedDrive portal that allow a remote hack. Once again IoT devices are affected by a serious flaw that could be exploited by hackers to compromise them; this time we speak of car hacking. Almost any modern connected vehicle uses a drive-by-wire system that relies
Publish At:2016-07-08 17:05 | Read:4257 | Comments:0 | Tags:Breaking News Hacking BMW ConnectedDrive Car hacking Cross-S

Critical Flaws Found in Network Management Systems

Four leading network management system providers are busy patching and preparing fixes for a half-dozen critical cross-site scripting and SQL injection vulnerabilities disclosed Wednesday by Rapid7. Two of the affected vendors, Spiceworks and Opsview, have already patched their respective products, while Ipswitch had promised to patch two bugs in its NMS p
Publish At:2015-12-18 07:15 | Read:5988 | Comments:0 | Tags:Vulnerabilities Web Security Castle Rock Computing cross-sit

WordPress Jetpack Plugin Patched Against Stored XSS Vulnerability

After a few critical bugs were recently discovered and patched in the core WordPress engine—a rarity with WordPress-related security issues—order has apparently been restored with the discovery of a critical vulnerability in a popular plugin. Insecure plugins have been at the heart of numerous attacks launched from compromised WordPress sites. One was patched
Publish At:2015-10-03 02:30 | Read:3555 | Comments:0 | Tags:Vulnerabilities Web Security cross-site scripting stored cro

Serious Imgur bug exploited to execute worm-like attack on 8chan users

A recently discovered attack on visitors of the 8chan image website went well beyond the venue's usual script-kiddie fare by combining two weaknesses on that property with a potentially catastrophic vulnerability on the wildly popular photo-sharing site Imgur.com. The result: the browsers of people who viewed certain Imgur-hosted images linked on one or more
Publish At:2015-09-23 08:25 | Read:4884 | Comments:0 | Tags:Risk Assessment Technology Lab 8chan Adobe Flash cross-site

WordPress Patches Serious Shortcodes Core Engine Vulnerability

WordPress core engine security vulnerabilities aren’t rare, but they are uncommon. Most issues affecting the integrity of sites running on the content management system are introduced by third-party plugins and put those sites at risk for a host of attacks. Today WordPress upgraded to version 4.3.1 which patched three vulnerabilities, two of which were
Publish At:2015-09-16 03:40 | Read:4056 | Comments:0 | Tags:Vulnerabilities Web Security Check Point cross-site scriptin

Netflix Sleepy Puppy Awakens XSS Vulnerabilities in Secondary Applications

Most automated scanning and security tools that ferret out cross-site scripting vulnerabilities don’t do much analysis beyond the target application. Netflix this week, however, released to open source a tool developed in-house that persists beyond the target app and can flag potential XSS trouble in secondary applications. The tool, called Sleepy Puppy
Publish At:2015-09-02 23:00 | Read:4022 | Comments:0 | Tags:Vulnerabilities Web Security cross-site scripting Daniel Mie

Salesforce Patches XSS on a Subdomain

Salesforce.com has patched a vulnerability on one of its subdomains that exposed users to account takeover, phishing attacks and the installation of malicious code. The vulnerability was disclosed yesterday by researcher Aditya K. Sood of Elastica Cloud Threat Labs. Sood said admin.salesforce.com was vulnerable to a cross-site scripting attack that has sinc
Publish At:2015-08-14 03:45 | Read:3297 | Comments:0 | Tags:Cloud Security Vulnerabilities Web Security Aditya Sood cros

XSS flaw put Salesforce accounts at risk of hijacking

Security researchers have found a cross-site scripting (XSS) vulnerability on the Salesforce website that could be exploited by malicious hackers to conduct phishing attacks and hijack the accounts of users. The researchers at Elastica report that they uncovered the weakness on one of Salesforce’s subdomains, admin.salesforce.com. Specifically, the issu
Publish At:2015-08-13 09:00 | Read:3588 | Comments:0 | Tags:Featured Articles IT Security and Data Protection cross-site

WordPress Patches Critical XSS Vulnerability in All Builds

WordPress rolled out a new version of its content management system this morning that addresses a nasty cross-site scripting (XSS) vulnerability that could ultimately lead to site compromise. According to Gary Pendergast, an engineer at Automattic, WordPress’ parent company, the XSS vulnerability could be exploited by any users marked ‘contributor
Publish At:2015-07-28 09:05 | Read:2915 | Comments:0 | Tags:Vulnerabilities Web Security CMS Content management bugs cro

Joomla Helpdesk Pro flaws leave systems vulnerable to several attacks

The Outpost24 team has identified several vulnerabilities that affect the Joomla HelpDesk Pro extension; the flaws can lead to remote code execution on servers. Kasper Bertelsen, a security researcher at Outpost24, has discovered a number of vulnerabilities in the Joomla Helpdesk Pro extension which can lead to remote code executio
Publish At:2015-07-22 13:30 | Read:4748 | Comments:0 | Tags:Hacking Security arbitrary file upload CMS Cross-Site Script